funsec mailing list archives
RE: Format of embedded graphics
From: "D'Aloisio, Marc" <Marc.DAloisio () ct gov>
Date: Thu, 29 Dec 2005 08:53:14 -0500
It came through formatted as HTML to me...I have unregistered shimgvw.dll per the Microsoft work-around and the .gif came through as an attachment, the placeholder in the email is the 'can't view the graphic' red X box. Marc D'Aloisio, CISSP Network Security Analyst; Security Incident Response State of Connecticut - Department of Information Technology -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Larry Seltzer Sent: Thursday, December 29, 2005 08:36 To: funsec () linuxbox org Subject: [funsec] Format of embedded graphics Most of you, I suspect, read e-mail as plain text. For experimental purposes this message is sent as HTML with a graphic embedded with a question <outbind://218-000000005384F517C8AD9748884180DED30A6CDAA4615401/http://w ww.larryseltzer.com/testimage.gif> This graphic was a non-malicious WMF file that I renamed .GIF and embedded. So what happens to the format of such a graphic when embedded in an HTML e-mail? Is it forced to GIF or JPG, or is it perhaps still a WMF and potentially malicious? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer Contributing Editor, PC Magazine larryseltzer () ziffdavis com
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Format of embedded graphics D'Aloisio, Marc (Dec 29)
- <Possible follow-ups>
- RE: Format of embedded graphics D'Aloisio, Marc (Dec 29)
- RE: Format of embedded graphics Discini, Sonny (Dec 29)