2 Jan
2006
2 Jan
'06
9:07 p.m.
On Mon, 2 Jan 2006, Marcus Meissner wrote:
Hi,
requesting comments...
This patch reduces the attack vector on metafiles.
I originally wanted to filter only SETABORTPROC, but there are a lot of things that might be used to inject code.
Comments?
Would it not be better to block it in the gdi Escape function? Or is SETABORTPROC legitimitely needed in some cases outside of metafiles?