Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]

From: Blue Boar (BlueBoar@thievco.com)
Date: 09/03/02


Date: Tue, 03 Sep 2002 08:13:21 -0700
From: Blue Boar <BlueBoar@thievco.com>
To: Roland Postle <mail@blazde.co.uk>

This is one of my favorite vulnerabilities:
http://online.securityfocus.com/bid/1503
It's an overflow in the JPEG handler in Netscape.

I don't know of one for GIFs off the top of my head, but the same principle
applies. If there's a viewer with a bug, then there is a possibility that
it can be used to exploit the client.

                                                BB

Roland Postle wrote:
>>GIFs can't exploit your
>>system. Flash files can, just like any executable.
>
> This myth that static data files such as gifs, jpegs and zip files
> /can't/ exploit your system really gets to me. Virus scanners continue
> to scan only 'active' content, but some applications are in such
> widespread use now that it's only a matter of time before a
> vulnerability in say, Winzip's file handling, is exploited in a virus
> that infects .zip files. Or a vulnerability in IE's jpeg module that
> allows jpegs to carry viruses. It's not 'just like any executable', but
> it's not automatically safe either.
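
An added example, not part of the original post or of any Netscape code: the kind of check an image handler needs before copying a length-prefixed segment out of a file it did not create. It assumes a bug class where a JPEG comment (COM) segment's length field is trusted as-is; the thread does not describe the actual defect behind bid 1503. The function name, buffer size and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COMMENT_MAX 64
static char comment[COMMENT_MAX];       /* destination a viewer might keep */
/* Constructed samples, not real image files: SOI, one COM segment, EOI. */
static const uint8_t good_jpeg[] = {0xFF,0xD8, 0xFF,0xFE, 0x00,0x04, 'h','i', 0xFF,0xD9};
static const uint8_t short_len[] = {0xFF,0xD8, 0xFF,0xFE, 0x00,0x01, 'h','i', 0xFF,0xD9};
static const uint8_t long_len[]  = {0xFF,0xD8, 0xFF,0xFE, 0xFF,0xFF, 'h','i', 0xFF,0xD9};

/* Copy the first COM (0xFFFE) payload into out as a C string. Returns the
 * payload length, or -1 for a malformed file or a payload that does not fit.
 * Simplification: every marker before SOS is assumed to carry a length. */
int jpeg_read_comment(const uint8_t *buf, size_t len, char *out, size_t out_cap)
{
    size_t pos = 2;                               /* first marker after SOI */
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)
        return -1;
    while (len - pos >= 4) {                      /* pos <= len always holds */
        if (buf[pos] != 0xFF)
            return -1;
        uint8_t marker = buf[pos + 1];
        size_t seg_len = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        /* The length counts its own 2 bytes and must stay inside the file. */
        if (seg_len < 2 || seg_len > len - pos - 2)
            return -1;
        if (marker == 0xFE) {
            size_t payload = seg_len - 2;         /* safe: seg_len >= 2 */
            if (payload >= out_cap)               /* keep room for the NUL */
                return -1;
            memcpy(out, buf + pos + 4, payload);
            out[payload] = '\0';
            return (int)payload;
        }
        if (marker == 0xDA)                       /* start of scan: stop looking */
            return -1;
        pos += 2 + seg_len;
    }
    return -1;
}

int main(void)
{
    printf("%d\n", jpeg_read_comment(good_jpeg, sizeof good_jpeg, comment, sizeof comment));
    printf("%d\n", jpeg_read_comment(short_len, sizeof short_len, comment, sizeof comment));
    printf("%d\n", jpeg_read_comment(long_len, sizeof long_len, comment, sizeof comment));
    return 0;
}
```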


