funsec mailing list archives

Desktop search: A new attack vector for malware?

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 13 Jun 2007 09:04:53 -0400

Hi,

Has any company looked into the issue of desktop search programs being an
attack vector for malware?  I'm wondering if a booby-trapped document file
can be placed on a system that will cause a buffer error in a desktop search
bot.  The buffer overflow can then be used to install and run malware.  Such
a file can be delivered as an attached file to an email message or
downloaded on the sly to a browser cache.

Also can a desktop search bot be DoSed by having it index an exploding .ZIP
which is modest in size but contains many terrabytes of document files?

Richard

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Desktop search: A new attack vector for malware? Richard M. Smith (Jun 13)
- RE: Desktop search: A new attack vector for malware? Larry Seltzer (Jun 13)
- Re: Desktop search: A new attack vector for malware? Jordan Wiens (Jun 13)