RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]

From: Jason Coombs (jasonc@science.org)
Date: 09/03/02


From: "Jason Coombs" <jasonc@science.org>
To: "Roland Postle" <mail@blazde.co.uk>, <vuln-dev@securityfocus.com>
Date: Mon, 2 Sep 2002 19:28:55 -1000

Everything and anything can already carry viruses.

The question is can they be told to execute? Most malicious bytes packed as
.ZIP files will just look like bad .ZIP files to WinZip, just as malicious
bytes packed as a .JPG will look just like a bad .JPG file to Internet
Explorer.

A virus packaged in a JPEG could help mount a successful heap overflow
attack where the difficulty is figuring out how to get EIP to point at your
malicious bytes, versus the more trivial difficulty of "where do you want
EIP to go today?" as with simpler-to-launch stack overflow attacks.

Sincerely,

Jason Coombs
jasonc@science.org

-----Original Message-----
From: Roland Postle [mailto:mail@blazde.co.uk]
Sent: Monday, September 02, 2002 7:54 AM
To: vuln-dev@securityfocus.com
Subject: GIFs Good, Flash Executable Bad [Was: Plain text files in
internet explorer]

> GIFs can't exploit your
> system. Flash files can, just like any executable.

This myth that static data files such as gifs, jpegs and zip files
/can't/ exploit your system really gets to me. Virus scanners continue
to scan only 'active' content, but some applications are in such
widespread use now that it's only a matter of time before a
vulnerability in say, Winzip's file handling, is exploited in a virus
that infects .zip files. Or a vulnerability in IE's jpeg module that
allows jpegs to carry viruses. It's not 'just like any executable', but
it's not automatically safe either.

- Blazde



Relevant Pages

  • Re: help a novelist sound credible?
    ... It was a worm, not a virus. ... Viruses are passive fragments without the ability to ... execute themselves. ...
    (alt.os.linux)
  • Get your free microsoft secuirty posters
    ... >> The first mention I saw of a computer Virus was in 1987 in a journal ... The key point of the paper is that viruses can exist in any ... create a defense that cannot be penetrated by some virus. ... The main defense is to not execute untrusted code. ...
    (alt.computer.security)
  • Re: Web based email issues
    ... See JPEG ... asking about viewing JPG and such images while browsing the internet. ... very serious problem for IE, I had not seen IE execute code based ...
    (alt.computer.security)
  • Re: How do .PDF viruses work? Where is a malware website?
    ... Strictly speaking a PDF file is a data file and cannot be infected. ... there is no such thing as a PDF "virus". ... Mostly what I have seen are PDF reader exploits that have a 'download and execute' payload which makes the PDF a trojan downloader. ... .DOC files but all were trojans and not viruses. ...
    (alt.comp.anti-virus)
  • Re: How do .PDF viruses work? Where is a malware website?
    ... Strictly speaking a PDF file is a data file and cannot be infected. ... there is no such thing as a PDF "virus". ... Mostly what I have seen are PDF reader exploits that have a 'download and execute' payload which makes the PDF a trojan downloader. ... Office .DOC files but all were trojans and not viruses. ...
    (alt.comp.anti-virus)