There are rumors [1] about Wine suffering from the same WMF vulnerability [2] recently discovered and fixed in Windows systems. By looking at recent commits, I understand this is probably fixed in CVS, but does anyone have more information? 1) Is a Microsoft-free system theoretically vulnerable? If I use Wine on GNU/Linux (no native Windows DLLs) to run a .exe image viewer and open a malicious WMF file with it, am I -in theory- vulnerable? 2) If yes, how big is the gap between theory and practice? Can I expect to find exploits in the real world, as it already happens for Windows? 3) What would be at stake if I run a vulnerable Wine version? Wine's fake Windows drive? My entire GNU/Linux home directory? [1]http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041066.html [2]http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx Thank you for your answer, Andrea. _______________________________________________ wine-users mailing list wine-users@xxxxxxxxxx http://www.winehq.org/mailman/listinfo/wine-users
