GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]

From: Roland Postle (mail@blazde.co.uk)
Date: 09/02/02

Previous message: Thierry De Leeuw: "RE: SUMMARY: SMB overflow attacks"
In reply to: Dan Kaminsky: "Re: Plain text files in internet explorer"
Next in thread: FX: "Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
Next in thread: Chris Sandy: "RE: Plain text files in internet explorer"
Reply: FX: "Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
Reply: Jason Coombs: "RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
Reply: Gerhard den Hollander: "Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
Reply: Dom De Vitto: "RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
Reply: Blue Boar: "Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Roland Postle" <mail@blazde.co.uk>
To: "vuln-dev@securityfocus.com" <vuln-dev@securityfocus.com>
Date: Mon, 02 Sep 2002 18:54:06 +0100

> GIFs can't exploit your
> system. Flash files can, just like any executable.

This myth that static data files such as gifs, jpegs and zip files
/can't/ exploit your system really gets to me. Virus scanners continue
to scan only 'active' content, but some applications are in such
widespread use now that it's only a matter of time before a
vulnerability in say, Winzip's file handling, is exploited in a virus
that infects .zip files. Or a vulnerability in IE's jpeg module that
allows jpegs to carry viruses. It's not 'just like any executable', but
it's not automatically safe either.

- Blazde

Previous message: Thierry De Leeuw: "RE: SUMMARY: SMB overflow attacks"
In reply to: Dan Kaminsky: "Re: Plain text files in internet explorer"
Next in thread: FX: "Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
Next in thread: Chris Sandy: "RE: Plain text files in internet explorer"
Reply: FX: "Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
Reply: Jason Coombs: "RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
Reply: Gerhard den Hollander: "Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
Reply: Dom De Vitto: "RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
Reply: Blue Boar: "Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]
... > This myth that static data files such as gifs, ... > vulnerability in say, Winzip's file handling, is exploited in a virus ... > allows jpegs to carry viruses. ... There have been mp3s that exploited a buffer overflow in mp3 tag parsing. ...
(Vuln-Dev)
Re: Problem publishing - jpeg pictures not converting to html
... Dotster 'sees' all gifs and jpegs; ... I am using Firezilla to upload my website as an ftp to the hosting site ... The index file is in full html, ...
(microsoft.public.publisher.webdesign)
RE: Problem publishing - jpeg pictures not converting to html
... Using Publisher 2007. ... Dotster 'sees' all gifs and jpegs; ... BTW -- have talked to Dotster 5 times now. ...
(microsoft.public.publisher.webdesign)
Re: Draw to Jpeg.
... Leave JPEGs for photos. ... I have kept finding it a problem when converting graphs into GIFs. ... background colour isn't even a 'near miss' for what I'd intended. ... Armstrong Audio http://www.audiomisc.co.uk/Armstrong/armstrong.html ...
(comp.sys.acorn.apps)
Re: Netfetch images
... default 'double-click' viewer for GIFs and JPEGs? ... Copy that line into an obey file, ... and hopefully any JPEGs will go to Netsurf. ... You could probably repeat this with a suitable line for GIFs etc. ...
(comp.sys.acorn.apps)