RE: FUD - was FAX a virus

["Peter Denyer" <Peter.Denyer () interdean com>]

I'm not a security expert, but my understanding is that the .jpg file
itself has to be specially crafted to take advantage of this
vulnerability, in a fax server the .jpg (if this format is used) is
created locally from an analogue input across normal telephone lines. I
don't believe the situations are analogous as the potential hacker has
insufficient control over the destination file.


Peter Denyer 
UK System Support Manager

IMPORTANT: This electronic message is for exclusive use by the person(s)
to whom it is addressed, and may contain information that is
confidential or privileged and exempt from disclosure under applicable
law.  If you are not an intended recipient, please be aware that any
disclosure, dissemination, distribution or copying of this
communication, or the use of its contents, is prohibited.  If you have
received this message in error, please immediately notify me of your
inadvertent receipt and delete this message from all data storage
systems.  Please note this e-mail may not necessarily reflect the views
of Interdean.



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Robert Wesley McGrew
Sent: Tuesday, March 06, 2007 9:48 PM
To: Craig Wright
Cc: TheGesus; security-basics () securityfocus com;
alcides.hercules () gmail com; Scott.Ramsdell () cellnet com
Subject: Re: FUD - was FAX a virus

On 3/6/07, Craig Wright <cwright () bdosyd com au> wrote:
> With email you attach a binary. Please I would love to know how to
> attach a binary executable to a scanned image?

Like this:

http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Never put too much trust in how you're parsing input.

-- 
Robert Wesley McGrew
http://mcgrewsecurity.com