Full Disclosure mailing list archives

Mozilla Foundation GIF Overflow


From: Steven Rakick <stevenrakick () yahoo com>
Date: Fri, 25 Mar 2005 12:39:54 -0800 (PST)

Hi all,

I was just glancing at the Internet Security Systems
website and I noticed the following statement "ISS
provides Ahead of the Threat protection for Mozilla
and Firefox Browsers".

Clicking the related link they mention that ISS
Network Sensor 7.0, Proventia A and G100, G400, G200,
G1200, G2000 and M series all provide "preemptive
protection for these vulnerabilities". 

I remember a couple months ago, Darren Bounds from
Intrusense released an advisory regarding weak support
for inspecting base64 encoded images in AV, IDS and
IPS technologies (ISS being one of them). 
(Advisory:
http://www.intrusense.com/av-bypass/image-bypass-advisory.txt)

My question is this. Did ISS ever add support for
detecting these RFC 2397 images or are they going to
pass through undetected? Mozilla and Firefox both
support this spec so it seems like a very trivial
attack vector to exploit... once again. 

Also, what other vendors have now added support for
RFC 2397 inspection? 

Any insight would be greatly appreciated.

Steve



                
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
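
Added example, not part of the original post or of the Intrusense advisory: a sketch of the normalization step an inspection engine needs for RFC 2397 content, pulling `data:` URIs out of HTML, decoding them, and classifying the decoded bytes by file signature so image checks see the real payload. The function names and the sample input are hypothetical and constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote_to_bytes

# RFC 2397 form: data:[<mediatype>][;base64],<data>
DATA_URI = re.compile(r"data:([^,\"'\s>]*),([^\"'\s>]*)", re.IGNORECASE)

# Signatures matched against the decoded bytes, not the declared media type.
MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif",
         b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png"}

# Constructed sample: a 14-byte GIF89a header plus trailer, not a real image.
SAMPLE_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
SAMPLE_B64 = base64.b64encode(SAMPLE_GIF).decode()
SAMPLE_HTML = '<img src="data:image/gif;base64,%s">' % SAMPLE_B64


def decode_data_uri(header, payload):
    """Return the bytes carried by one data: URI, or None if undecodable."""
    raw = unquote_to_bytes(payload)  # percent-escapes are legal in both forms
    params = [p.strip().lower() for p in header.split(";")]
    if "base64" not in params:
        return raw
    raw = re.sub(rb"\s+", b"", raw)
    raw += b"=" * (-len(raw) % 4)  # tolerate stripped padding
    try:
        return base64.b64decode(raw)
    except (binascii.Error, ValueError):
        return None


def extract_inline_objects(html):
    """List (declared_type, sniffed_type, decoded_bytes) per data: URI found."""
    found = []
    for header, payload in DATA_URI.findall(html):
        body = decode_data_uri(header, payload)
        if body is None:
            continue
        declared = header.split(";")[0].lower() or "text/plain"
        sniffed = next((name for magic, name in MAGIC.items()
                        if body.startswith(magic)), "unknown")
        found.append((declared, sniffed, body))
    return found


if __name__ == "__main__":
    for declared, sniffed, body in extract_inline_objects(SAMPLE_HTML):
        print(declared, sniffed, len(body))
```

The decoded bytes are what should be handed to the existing image parsers and signatures; a mismatch between the declared and sniffed type is itself worth logging.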

