Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]

Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]

From: Blue Boar <BlueBoar_at_thievco.com>
Date: Tue, 03 Sep 2002 08:13:21 -0700

This is one of my favorite vulnerabilities:
http://online.securityfocus.com/bid/1503
It's an overflow in the JPEG handler in Netscape.

I don't know of one for GIFs off the top of my head, but the same principle
applies. If there's a viewer with a bug, then there is a possibility that
it can be used to exploit the client.

                                                BB

Roland Postle wrote:
>>GIFs can't exploit your
>>system. Flash files can, just like any executable.
>
> This myth that static data files such as gifs, jpegs and zip files
> /can't/ exploit your system really gets to me. Virus scanners continue
> to scan only 'active' content, but some applications are in such
> widespread use now that it's only a matter of time before a
> vulnerability in say, Winzip's file handling, is exploited in a virus
> that infects .zip files. Or a vulnerability in IE's jpeg module that
> allows jpegs to carry viruses. It's not 'just like any executable', but
> it's not automatically safe either.
Received on Sep 03 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos