RE: Re: Image-handling flaws put Windows PCs at risk

["Wolfe, James M" <james.m.wolfe () lmco com>]

I remember when the VBS viruses started making the rounds if you had an
NT 4 machine you could simply delete scrrun.dll and you'd be OK. Win 2K
on the other hand which was just coming out at the time would put the
file back no matter if you deleted it, renamed it, or tried sticking in
a zero byte file. So much for being able to remove features that you
don't want.

Regards,
James 


  
-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Richard M. Smith
Sent: Tuesday, November 08, 2005 8:03 PM
To: funsec () linuxbox org
Subject: [funsec] Re: Image-handling flaws put Windows PCs at risk

Re:
http://news.com.com/Image-handling+flaws+put+Windows+PCs+at+risk/2100-10
02_3
-5940047.html?tag=nefd.top
(AKA http://tinyurl.com/amy44)

When I see these kind of bugs, I always wonder if there is some way to
turn off the unneeded feature rather than getting a patch.  Disabling
the feature protects against the next security hole in the unneeded
feature......  I also wonder if there is a some method of scanning the
registry to learn about all the image file formats that IE supports in
the <img> tag and similar tags.  Last time I checked, the GIF and JPEG
formats are all we need.

Richard 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.