Re: Can Exploit-ANIfile.c infect JPG files?
- From: "cquirke (MVP Windows shell/user)" <cquirkenews@xxxxxxxxxxxxxxx>
- Date: Thu, 26 Apr 2007 01:59:57 +0200
On Tue, 24 Apr 2007 18:47:26 -0400, "David H. Lipman"
From: "cquirke (MVP Windows shell/user)"
| You can put an exploit into any type of file.
| Whether it will "get traction" depends on whether the OS is smart
| enough to refuse to pass it to the exploitable surface.
| I know ANI exploits sprawl over to .CUR and perhaps .ICO, but I dunno
| about .JPG; I know that a previous WMF exploit did spread to .JPG
Attached is a perfect example.
It is a screen capture of an Avira submission report based upon files I submitted Yesterday.
"The file '0day.jpg' has been determined to be 'MALWARE'. Our analysts named the threat
EXP/Ani.Gen"
Hmm... in this XP SP2 PC, I tried renaming an .ANI as .JPG, and it
"opened" in the MS viewer that usually shows .JPG, which stated the
file wasn't displayable. I then tried the same in IView, which said
"this is an .ANI named as a .JPG; rename?"
The trouble with this sort of testing is that this PC has no default
action for .ANI files, so I can't tell whether the content within the
renamed .JPG was ever being handled as .ANI
-------------------- ----- ---- --- -- - - - -Tip Of The Day:
To disable the 'Tip of the Day' feature...
-------------------- ----- ---- --- -- - - - -.
- Follow-Ups:
- Re: Can Exploit-ANIfile.c infect JPG files?
- From: David H. Lipman
- Re: Can Exploit-ANIfile.c infect JPG files?
- References:
- Can Exploit-ANIfile.c infect JPG files?
- From: Russell L. Smith
- Re: Can Exploit-ANIfile.c infect JPG files?
- From: cquirke (MVP Windows shell/user)
- Can Exploit-ANIfile.c infect JPG files?
- Prev by Date: Re: MSN windows going crazy
- Next by Date: Re: Can Exploit-ANIfile.c infect JPG files?
- Previous by thread: Re: Can Exploit-ANIfile.c infect JPG files?
- Next by thread: Re: Can Exploit-ANIfile.c infect JPG files?
- Index(es):
Relevant Pages
|
