Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: Windows Media Player executes WMF content in .MP3 files.
From: David Korn <dkorn () pixelpower com>
Date: Wed, 27 Feb 2002 10:55:41 -0000

-----Original Message-----
From: Russ [mailto:Russ.Cooper () rc on ca]
Sent: 26 February 2002 21:35

Its also foolish to suggest that security be based on file extensions,
Windows has been interpreting file types based on content for years and
anyone who thinks they can safely run their system by excluding some
file types is just plain dumb. AV products all have the ability to scan
all files, and this should be the setting on your system.

  Well, file extensions *used* to be a valid way for a user to know that a
file either contained a given type of content, or was invalid.  (That's a
separate issue from whether or not a given file viewer will correctly
reject an invalid file of a given type, or perhaps be exploitable through
cleverly malformed data.)  Remember, there isn't a virus in the file in
question: the vulnerability arises because there's no way for the user to
know what type of content is in the file, and therefore no way for them to
adopt different handling procedures appropriate to the different content.

  For security's sake, there ought to be *some* way for an end user to know
what kind of content is in a file without having to inspect it in a hex
editor.  The file extension would be a valid way to convey that information
to the user *if* the extension was guaranteed to be respected by the viewer
apps.  Or have I overlooked something?


    DaveK
-- 
Burn your ID card!  http://www.optional-identity.org.uk/
Help support the campaign, copy this into your .sig!


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault