Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]

From: Gerhard den Hollander (gerhard@jason.nl)
Date: 09/03/02

• Previous message: Jason Coombs: "RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
• In reply to: Roland Postle: "GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
• Next in thread: Dom De Vitto: "RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
• Next in thread: Eric Rostetter: "Re: Plain text files in internet explorer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 3 Sep 2002 09:25:26 +0200
From: Gerhard den Hollander <gerhard@jason.nl>
To: Roland Postle <mail@blazde.co.uk>

* Roland Postle <mail@blazde.co.uk> (Mon, Sep 02, 2002 at 06:54:06PM +0100)
> > GIFs can't exploit your
> > system. Flash files can, just like any executable.
>
> This myth that static data files such as gifs, jpegs and zip files
> /can't/ exploit your system really gets to me. Virus scanners continue
> to scan only 'active' content, but some applications are in such
> widespread use now that it's only a matter of time before a
> vulnerability in say, Winzip's file handling, is exploited in a virus
> that infects .zip files. Or a vulnerability in IE's jpeg module that
> allows jpegs to carry viruses. It's not 'just like any executable', but
> it's not automatically safe either.

There have been mp3s that exploited a buffer overflow in mp3 tag parsing.

Currently listening to: CD Audio Track 8

        Gerhard, <@jasongeo.com> == The Acoustic Motorbiker ==

-- 
   __O	An all I can say is that my lifes is pretty plain
 =`\<,	You don't like my point of view, you think that I'm insane
(=)/(=)	It's not sane, it's not sane

---

• Previous message: Jason Coombs: "RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
• In reply to: Roland Postle: "GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
• Next in thread: Dom De Vitto: "RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]"
• Next in thread: Eric Rostetter: "Re: Plain text files in internet explorer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer] ... This myth that static data files such as gifs, jpegs and zip files ... Virus scanners continue ... vulnerability in say, Winzip's file handling, is exploited in a virus ... (Vuln-Dev) Re: Problem publishing - jpeg pictures not converting to html ... Dotster 'sees' all gifs and jpegs; ... I am using Firezilla to upload my website as an ftp to the hosting site ... The index file is in full html, ... (microsoft.public.publisher.webdesign) RE: Problem publishing - jpeg pictures not converting to html ... Using Publisher 2007. ... Dotster 'sees' all gifs and jpegs; ... BTW -- have talked to Dotster 5 times now. ... (microsoft.public.publisher.webdesign) Re: Draw to Jpeg. ... Leave JPEGs for photos. ... I have kept finding it a problem when converting graphs into GIFs. ... background colour isn't even a 'near miss' for what I'd intended. ... Armstrong Audio http://www.audiomisc.co.uk/Armstrong/armstrong.html ... (comp.sys.acorn.apps) Re: Netfetch images ... default 'double-click' viewer for GIFs and JPEGs? ... Copy that line into an obey file, ... and hopefully any JPEGs will go to Netsurf. ... You could probably repeat this with a suitable line for GIFs etc. ... (comp.sys.acorn.apps)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > vuln-dev  > 2002-09