AOL ART Compressed Image

[Ascii2]

I am trying to find an AOL ART compressed image (has a .art extension) to test an update patch.

I cannot (after much googleing) find one.

Where can an AOL ART compressed image be found?

[PC_LOAD_LETTER]

info about .ART:

http://en.wikipedia.org/wiki/ART_image_file_format

google also turned up this:

http://multimedia.cx/eggs/aol-art-format/

which has some samples here:

http://samples.mplayerhq.hu/image-samples/ART/

[Ascii2]

Thank you geek.

I tried using the .ART samples at http://samples.mplayerhq.hu/image-samples/ART/ , but did not arrive at the desired result.

I had applied "AOL Image Support Update for Windows 2000" patch from http://technet.microsoft.com/en-us/library/bb727075.aspx and attempted to read AOL ART images using Internet Explorer 6 with Service Pack 1.

The ART images were not able to be read.

I tried to find out why and noticed KB918439 ( http://www.microsoft.com/technet/security/...n/ms06-022.mspx ).

The KB918439 patch resolves problem for which a remote code execution may occur with handling of AOL ART images by Internet Explorer (not in the image files themselves). The "fix" for the problem was to break (not remove, the files to decode the images are still installed) AOL ART image support instead of fixing the Internet Explorer handling.

I had the KB918439 patch applied.

Edited November 1, 2008 by Ascii2

[Ascii2]

An update:

I have tested new installs of Windows 2000 Professional with Service 4 and Windows XP Professional with Service Pack 1 without the KB918439 patch applied. AOL ART still would not work in browser.

I then attempted to reinstall the operating systems without the KB918439 patch and Cumulative Update for Internet Explorer 6 SP1 (KB916281). No Internet Explorer Cumulative Update was used. The AOL ART images then would load in Internet Explorer correctly.

Internet Explorer Cumulative Update (KB916281) does not seem to update the same files as KB918439, but disables AOL ART image rendering.

Hopefully a registry policy may re-enable the AOL ART rendering function. Please let me know if it is possible.

[Ascii2]

Recently I noticed that a Cumulative Update for Internet Explorer added the "FEATURE_IMAGING_USE_ART" Feature Control registry entry (at [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]).

No Microsoft documentation (even on the official list of Feature Controls) for FEATURE_IMAGING_USE_ART. The Feature Control is not publically documented by MicrosoftCorporation.

I tried adding DWORD value "iexplore.exe" with value data "1" and DWORD value "explorer.exe" with value data "1" to the Feature Control key and rebooted.

I was then able to view the .ART files in Internet Explorer.

So it seems that a change in default handling behavior occured for which Microsoft had not published a means of how .ART image disabled feature can be reenabled.

[Tripredacus]

IIRC, back in the day, ART files couldn't be seen in IE. They only showed up in Netscape Navigator or Communicator.

[cluberti]

Recently I noticed that a Cumulative Update for Internet Explorer added the "FEATURE_IMAGING_USE_ART" Feature Control registry entry (at [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]).

No Microsoft documentation (even on the official list of Feature Controls) for FEATURE_IMAGING_USE_ART. The Feature Control is not publically documented by MicrosoftCorporation.

It looks like this starts being checked after installing MS06-021. It's not documented, but it seems like most of the Feature keys that procmon shows IE checking are not publicly documented. Most of these are built to fix specific bugs for customers that create support cases and aren't documented publicly anymore, so this is not surprising.

[Ascii2]

Recently I noticed that a Cumulative Update for Internet Explorer added the "FEATURE_IMAGING_USE_ART" Feature Control registry entry (at [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]).

No Microsoft documentation (even on the official list of Feature Controls) for FEATURE_IMAGING_USE_ART. The Feature Control is not publically documented by MicrosoftCorporation.

It looks like this starts being checked after installing MS06-021.

I performed many tests to check which patch introduces the check.

As of MS06-021: Cumulative Update for Internet Explorer 6 SP1 (KB916281), rendering of .ART images is disabled by default. The "FEATURE_IMAGING_USE_ART" Feature Control check is also introduced (silently) which may enable rendering of .ART images.

[Ascii2]

The KB918439 patch resolves problem for which a remote code execution may occur with handling of AOL ART images by Internet Explorer (not in the image files themselves). The "fix" for the problem was to break (not remove, the files to decode the images are still installed) AOL ART image support instead of fixing the Internet Explorer handling.

I may have previously confused a part of MS06-021 with MS06-022.

The KB918439 does not break the .ART functionality; it fixes the vulnerability.

[Ascii2]

For those looking for a registry file to merge I provide it as attachment.

The code in the file is the following (unicode):

Windows Registry Editor Version 5.00

; Feature Control (undocumented)

; Feature allows rendering of ART image format
; After KB916281, feature is disabled by default for Internet Explorer and
;	for applications hosting the WebBrowser Control.
; Set to enable for all processes
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"*"=dword:00000001

EDIT: The provided .reg file code has been updated.

art_image_enable.reg

Edited November 13, 2009 by Ascii2

[Ascii2]

Please note that the previous post with enabling .ART image rendering has been been modified to all ART image rendering for all processes. The notes have

A wildcard was used (how to use wildcard is undocumented by Microsoft Corporation).