Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]
From: FX (fx@phenoelit.de)Date: 09/03/02
- Previous message: Dan Kaminsky: "Re: Plain text files in internet explorer"
- Maybe in reply to: Roland Postle: "GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
- Next in thread: Jason Coombs: "RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
- Next in thread: Eric Rostetter: "Re: Plain text files in internet explorer"
- Next in thread: Chris Sandy: "RE: Plain text files in internet explorer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 3 Sep 2002 09:55:05 +0200 From: FX <fx@phenoelit.de> To: vuln-dev@securityfocus.com
> Or a vulnerability in IE's jpeg module that
> allows jpegs to carry viruses. It's not 'just like any executable', but
> it's not automatically safe either.
Attacks using malformed .ICO files are quite simple. Actually, IE on Windows
9x (or everything else using Win9x icon rendering functions) is vulnerable.
Some image viewers could be exploited by something like this (tested on
InfraView).
Details: http://www.darklab.org/archive/msg00100.html
yours truly,
FX
--
FX <fx@phenoelit.de>
Phenoelit (http://www.phenoelit.de)
672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564
- Previous message: Dan Kaminsky: "Re: Plain text files in internet explorer"
- Maybe in reply to: Roland Postle: "GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
- Next in thread: Jason Coombs: "RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
- Next in thread: Eric Rostetter: "Re: Plain text files in internet explorer"
- Next in thread: Chris Sandy: "RE: Plain text files in internet explorer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
