|
Vulnerability Development
mailing list archives
Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]
From: Gerhard den Hollander <gerhard () jason nl>
Date: Tue, 3 Sep 2002 09:25:26 +0200
* Roland Postle <mail () blazde co uk> (Mon, Sep 02, 2002 at 06:54:06PM +0100)
GIFs can't exploit your
system. Flash files can, just like any executable.
This myth that static data files such as gifs, jpegs and zip files
/can't/ exploit your system really gets to me. Virus scanners continue
to scan only 'active' content, but some applications are in such
widespread use now that it's only a matter of time before a
vulnerability in say, Winzip's file handling, is exploited in a virus
that infects .zip files. Or a vulnerability in IE's jpeg module that
allows jpegs to carry viruses. It's not 'just like any executable', but
it's not automatically safe either.
There have been mp3s that exploited a buffer overflow in mp3 tag parsing.
Currently listening to: CD Audio Track 8
Gerhard, <@jasongeo.com> == The Acoustic Motorbiker ==
--
__O An all I can say is that my lifes is pretty plain
=`\<, You don't like my point of view, you think that I'm insane
(=)/(=) It's not sane, it's not sane
 By Date 
By Thread
Current thread:
RE: Plain text files in internet explorer Chris Sandy (Sep 01)
|
Intro
