Vulnerability Development mailing list archives

Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 03 Sep 2002 08:13:21 -0700

This is one of my favorite vulnerabilities:
http://online.securityfocus.com/bid/1503
It's an overflow in the JPEG handler in Netscape.

I don't know of one for GIFs off the top of my head, but the same principle applies. If there's a viewer with a bug, then there is a possibility that it can be used to exploit the client.

                                                BB

Roland Postle wrote:
GIFs can't exploit your system. Flash files can, just like any executable.

This myth that static data files such as gifs, jpegs and zip files
/can't/ exploit your system really gets to me. Virus scanners continue
to scan only 'active' content, but some applications are in such
widespread use now that it's only a matter of time before a
vulnerability in say, Winzip's file handling, is exploited in a virus
that infects .zip files. Or a vulnerability in IE's jpeg module that
allows jpegs to carry viruses. It's not 'just like any executable', but
it's not automatically safe either.

