Vulnerability Development mailing list archives

Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]


From: Gerhard den Hollander <gerhard () jason nl>
Date: Tue, 3 Sep 2002 09:25:26 +0200

* Roland Postle <mail () blazde co uk> (Mon, Sep 02, 2002 at 06:54:06PM +0100)
GIFs can't exploit your system.  Flash files can, just like any executable.

This myth that static data files such as gifs, jpegs and zip files
/can't/ exploit your system really gets to me. Virus scanners continue
to scan only 'active' content, but some applications are in such
widespread use now that it's only a matter of time before a
vulnerability in say, Winzip's file handling, is exploited in a virus
that infects .zip files. Or a vulnerability in IE's jpeg module that
allows jpegs to carry viruses. It's not 'just like any executable', but
it's not automatically safe either.

There have been mp3s that exploited a buffer overflow in mp3 tag parsing.

Currently listening to: CD Audio Track  8

        Gerhard,  <@jasongeo.com>   == The Acoustic Motorbiker ==       
-- 
   __O  An all I can say is that my lifes is pretty plain
 =`\<,  You don't like my point of view, you think that I'm insane
(=)/(=) It's not sane, it's not sane
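
The class of bug discussed in this thread, a parser trusting a length stored inside a "static" data file, shown from the defensive side as an added example; it is not code from the thread or from any particular player. The thread does not say which tag format or product was affected; ID3v2.3 is assumed here, and `id3_text` and both sample tags are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: ID3v2.3 header plus one TIT2 frame holding "Song". */
static const uint8_t GOOD_TAG[] = { 'I','D','3', 3,0, 0, 0,0,0,15,
    'T','I','T','2', 0,0,0,5, 0,0, 0,'S','o','n','g' };
/* Constructed sample: same bytes, but the frame claims a 4096-byte payload. */
static const uint8_t BAD_TAG[] = { 'I','D','3', 3,0, 0, 0,0,0,15,
    'T','I','T','2', 0,0,16,0, 0,0, 0,'S','o','n','g' };

/* Copy the text of the first frame with the 4-character name `id` into out.
 * Returns bytes copied (excluding the NUL), or -1 if malformed or absent. */
static long id3_text(const uint8_t *buf, size_t len, const char *id,
                     char *out, size_t cap)
{
    if (cap == 0 || len < 10 || memcmp(buf, "ID3", 3) != 0)
        return -1;
    /* Tag size is "syncsafe": four bytes of 7 bits, high bit always clear. */
    if ((buf[6] | buf[7] | buf[8] | buf[9]) & 0x80)
        return -1;
    size_t tag = ((size_t)buf[6] << 21) | ((size_t)buf[7] << 14) |
                 ((size_t)buf[8] << 7) | buf[9];
    if (tag > len - 10)                 /* tag claims more than the file has */
        return -1;
    size_t pos = 10, end = 10 + tag;
    while (end - pos >= 10 && buf[pos] != 0) {      /* a 0 byte is padding */
        const uint8_t *h = buf + pos;               /* 10-byte frame header */
        size_t fsz = ((size_t)h[4] << 24) | ((size_t)h[5] << 16) |
                     ((size_t)h[6] << 8) | h[7];
        pos += 10;
        if (fsz > end - pos)            /* frame claims more than remains */
            return -1;
        if (memcmp(h, id, 4) == 0) {
            if (fsz < 1) return -1;     /* text frames start with an encoding byte */
            size_t n = fsz - 1;
            if (n > cap - 1) n = cap - 1;   /* truncate to the caller's buffer */
            memcpy(out, buf + pos + 1, n);
            out[n] = '\0';
            return (long)n;
        }
        pos += fsz;
    }
    return -1;
}

int main(void)
{
    char t[64];
    return id3_text(GOOD_TAG, sizeof GOOD_TAG, "TIT2", t, sizeof t) == 4 ? 0 : 1;
}
```

Every length read from the file is checked against the bytes actually present and against the destination buffer before any copy happens.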

