Vulnerability Development mailing list archives
Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]
From: Gerhard den Hollander <gerhard () jason nl>
Date: Tue, 3 Sep 2002 09:25:26 +0200
* Roland Postle <mail () blazde co uk> (Mon, Sep 02, 2002 at 06:54:06PM +0100)
GIFs can't exploit your system. Flash files can, just like any executable.This myth that static data files such as gifs, jpegs and zip files /can't/ exploit your system really gets to me. Virus scanners continue to scan only 'active' content, but some applications are in such widespread use now that it's only a matter of time before a vulnerability in say, Winzip's file handling, is exploited in a virus that infects .zip files. Or a vulnerability in IE's jpeg module that allows jpegs to carry viruses. It's not 'just like any executable', but it's not automatically safe either.
There have been mp3s that exploited a buffer overflow in mp3 tag parsing. Currently listening to: CD Audio Track 8 Gerhard, <@jasongeo.com> == The Acoustic Motorbiker == -- __O An all I can say is that my lifes is pretty plain =`\<, You don't like my point of view, you think that I'm insane (=)/(=) It's not sane, it's not sane
Current thread:
- RE: Plain text files in internet explorer, (continued)
- RE: Plain text files in internet explorer Bernie Cosell (Sep 01)
- Re: Plain text files in internet explorer Magnus Bodin (Sep 02)
- Re: Plain text files in internet explorer Dan Kaminsky (Sep 02)
- Re: Plain text files in internet explorer Philip Rowlands (Sep 02)
- Re: Plain text files in internet explorer Dan Kaminsky (Sep 03)
- Re: Plain text files in internet explorer Helmut Springer (Sep 03)
- Re: Plain text files in internet explorer Marc Slemko (Sep 03)
- Re: Plain text files in internet explorer Daniel Newby (Sep 04)
- RE: Plain text files in internet explorer Bernie Cosell (Sep 01)
- GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer] Roland Postle (Sep 02)
- RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer] Jason Coombs (Sep 03)
- Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer] Gerhard den Hollander (Sep 03)
- RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer] Dom De Vitto (Sep 03)
- Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer] Blue Boar (Sep 03)
- Re: Plain text files in internet explorer Bernie Cosell (Sep 02)
- Re: Plain text files in internet explorer Eric Rostetter (Sep 03)
- Re: Plain text files in internet explorer Bill Weiss (Sep 02)
- Re: Plain text files in internet explorer Pierre-Yves Bonnetain (Sep 06)