|
Full Disclosure
mailing list archives
Re: Multi-vendor AV gateway image inspection bypass vulnerability
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 12 Jan 2005 16:57:24 -0600
On Wed, 2005-01-12 at 12:37 -0800, Steven Rakick wrote:
This would mean that if an image exploiting the
recently announced Microsoft LoadImage API overflow
were imbedded into HTML email there would be zero
defense from the network layer as it would be
completely invisible.
Why am I not seeing more about this in the press? It
seems pretty threatening to me...
Because it's old news from a network layer perspective. Images, emails,
etc can also be transferred zipped or encoded in base64 and what not.
Lots of IPS/IDS/AV and other gateway devices miss these encoded files.
The only novel approach I can see here is the embedding of the data
together with type and encoding in the URL. Nice idea. $20 says
spyware/spam/porn/phishing sites will adopt this fairly soon.
Regards,
Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
- Re: Multi-vendor AV gateway image inspection bypass vulnerability, (continued)
| 
Intro
