Re: Format of embedded graphics

[Barrie Dempster <barrie () reboot-robot net>]

On Thu, 2005-12-29 at 16:12 +0200, Gadi Evron wrote:
> nodialtone wrote:
> > Really?  Then why did I just get that image just fine?
> >
> > Gimp opens it up just fine.
>
> Hmm.
>
> Images are not html.
>
> I think. :P

I saw some HTML with an embedded image on my end, HTML definitely got
through. Email source (excluding the headers and image):



This is a multi-part message in MIME format.

--===============1587616502==
Content-Type: multipart/related;
boundary="----=_NextPart_000_057D_01C60C52.DCB02220"

This is a multi-part message in MIME format.

------=_NextPart_000_057D_01C60C52.DCB02220
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_057E_01C60C52.DCB02220"


------=_NextPart_001_057E_01C60C52.DCB02220
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

Most of you, I suspect, read e-mail as plain text. For experimental
purposes
this message is sent as HTML with a graphic embedded with a question

 
<outbind://218-000000005384F517C8AD9748884180DED30A6CDAA4615401/http://www.l
arryseltzer.com/testimage.gif> 

This graphic was a non-malicious WMF file that I renamed .GIF and
embedded. 
 
So what happens to the format of such a graphic when embedded in an HTML
e-mail? Is it forced to GIF or JPG, or is it perhaps still a WMF and
potentially malicious?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com


------=_NextPart_001_057E_01C60C52.DCB02220
Content-Type: text/html; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3DUS-ASCII">
<META content=3D"MSHTML 6.00.2900.2802" name=3DGENERATOR></HEAD>
<BODY><!-- Converted from text/plain format -->
<P><FONT size=3D2>Most of you, I suspect, read e-mail as plain text. For
=

experimental purposes this message is sent as HTML with a graphic =
embedded with=20
a question</FONT></P>
<P><FONT size=3D2><IMG=20
src=3D"outbind://218-000000005384F517C8AD9748884180DED30A6CDAA4615401/htt=
p://www.larryseltzer.com/testimage.gif"></FONT></P>
<DIV><FONT size=3D2><FONT face=3DArial color=3D#0000ff>This graphic was
=
a=20
non-malicious WMF file that I renamed .GIF and embedded. =
</FONT></FONT></DIV>
<DIV><FONT size=3D2><FONT face=3DArial =
color=3D#0000ff></FONT></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2><FONT face=3DArial color=3D#0000ff>So what happens =
to the format=20
of such a graphic when embedded in an HTML e-mail? Is it forced to GIF =
or JPG,=20
or is it perhaps still a WMF and potentially =
malicious?</FONT><BR><BR>Larry=20
Seltzer<BR>eWEEK.com Security Center Editor<BR><A=20
href=3D"http://security.eweek.com/";>http://security.eweek.com/</A><BR><A
=

href=3D"http://blog.ziffdavis.com/seltzer";>http://blog.ziffdavis.com/selt=
zer</A><BR>Contributing=20
Editor, PC =
Magazine<BR>larryseltzer () ziffdavis com<BR></DIV></FONT></BODY></HTML>

------=_NextPart_001_057E_01C60C52.DCB02220--

------=_NextPart_000_057D_01C60C52.DCB02220
Content-Type: image/gif; name="testimage.gif"
Content-Transfer-Encoding: base64
Content-Location: http://www.larryseltzer.com/testimage.gif


-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3

Attachment: smime.p7s
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.