funsec mailing list archives

RE: Format of embedded graphics

From: "D'Aloisio, Marc" <Marc.DAloisio () ct gov>
Date: Thu, 29 Dec 2005 08:53:14 -0500

It came through formatted as HTML to me...I have unregistered
shimgvw.dll per the Microsoft work-around and the .gif came through as
an attachment,  the placeholder in the email is the 'can't view the
graphic'  red X box.
 
 

Marc D'Aloisio, CISSP
Network Security Analyst; Security Incident Response
State of Connecticut - Department of Information Technology


        -----Original Message-----
        From: funsec-bounces () linuxbox org
[mailto:funsec-bounces () linuxbox org] On Behalf Of Larry Seltzer
        Sent: Thursday, December 29, 2005 08:36
        To: funsec () linuxbox org
        Subject: [funsec] Format of embedded graphics
        
        

        Most of you, I suspect, read e-mail as plain text. For
experimental purposes this message is sent as HTML with a graphic
embedded with a question

        
<outbind://218-000000005384F517C8AD9748884180DED30A6CDAA4615401/http://w
ww.larryseltzer.com/testimage.gif> 

        This graphic was a non-malicious WMF file that I renamed .GIF
and embedded. 
         
        So what happens to the format of such a graphic when embedded in
an HTML e-mail? Is it forced to GIF or JPG, or is it perhaps still a WMF
and potentially malicious?
        
        Larry Seltzer
        eWEEK.com Security Center Editor
        http://security.eweek.com/
        http://blog.ziffdavis.com/seltzer
        Contributing Editor, PC Magazine
        larryseltzer () ziffdavis com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

RE: Format of embedded graphics D'Aloisio, Marc (Dec 29)
- <Possible follow-ups>
- RE: Format of embedded graphics D'Aloisio, Marc (Dec 29)
- RE: Format of embedded graphics Discini, Sonny (Dec 29)