There are rumors [1] about Wine suffering from the same WMF vulnerability [2]
recently discovered and fixed in Windows systems.
By looking at recent commits, I understand this is probably fixed in CVS, but
does anyone have more information?
1) Is a Microsoft-free system theoretically vulnerable? If I use Wine on
GNU/Linux (no native Windows DLLs) to run a .exe image viewer and open a
malicious WMF file with it, am I -in theory- vulnerable?
2) If yes, how big is the gap between theory and practice? Can I expect to find
exploits in the real world, as it already happens for Windows?
3) What would be at stake if I run a vulnerable Wine version? Wine's fake
Windows drive? My entire GNU/Linux home directory?
[1]http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041066.html
[2]http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
Thank you for your answer,
Andrea.
