GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]

From: Roland Postle (mail@blazde.co.uk)
Date: 09/02/02


From: "Roland Postle" <mail@blazde.co.uk>
To: "vuln-dev@securityfocus.com" <vuln-dev@securityfocus.com>
Date: Mon, 02 Sep 2002 18:54:06 +0100


> GIFs can't exploit your
> system. Flash files can, just like any executable.

This myth that static data files such as gifs, jpegs and zip files
/can't/ exploit your system really gets to me. Virus scanners continue
to scan only 'active' content, but some applications are in such
widespread use now that it's only a matter of time before a
vulnerability in say, Winzip's file handling, is exploited in a virus
that infects .zip files. Or a vulnerability in IE's jpeg module that
allows jpegs to carry viruses. It's not 'just like any executable', but
it's not automatically safe either.

- Blazde