Vulnerability Development mailing list archives

Re: Infected jpeg files?


From: Oliver Bleutgen <meinbugtraq () gmx net>
Date: Sun, 11 Nov 2001 16:29:29 +0100

A possible hole that I can see goes as follows:

Certain browsers employ an algorithm that inspects the first few bytes
of incoming content and if it looks like HTML displays as text/html even
if the MIME type in the Content-Type: header says it is something else.

I suppose that such a browser receiving a JPEG file constructed,
using COMment records etc to make it look and parse enough like an HTML
file to fool the browser (whilst also being a valid JPEG file) may well
run embedded <script> tags etc.

Hehe, "certain browsers". We can really be specific,

http://msdn.microsoft.com/library/default.asp?url=/workshop/networking/moniker/overview/appendix_a.asp

It might be a good source to find out how to circumvent
certain security measures in proxies.

If I understand the description correctly, it might 
at least be possible to send my_picture.jpg to IE, with
server supplied mime-type application/octet-stream, which
then is opened in adobe acrobat without user-intervention, 
because it really is a pdf - but I didn't test it!


I don't like the fact that IE tries to be so damn clever
in deciding what type a file really is...

cheers,
oliver
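The JPEG/HTML polyglot idea quoted above, and the content-sniffing behaviour oliver points at, as an added example that is not part of this thread and not taken from the MSDN page it links to. It builds a JPEG marker stream whose COM segment carries HTML, runs a simplified sniffer over it, and then shows the server-side checks a practitioner would put in front of a sniffing client. Assumptions (mine, not the thread's): the sniffer inspects only the first 256 bytes and keys on a short list of HTML tags, which approximates the documented IE behaviour rather than reproducing its exact token list; and the "image" is a marker skeleton (SOI/APP0/COM/EOI) with no scan data, enough for the segment parser but not a decodable picture.

```python
"""JPEG/HTML polyglot vs. a content sniffer, plus server-side checks.

Added example, not code from the original thread.  The token list and the
256-byte window are assumptions approximating the sniffing described above.
"""
import struct

SOI, EOI = b"\xff\xd8", b"\xff\xd9"
COM, APP0, SOS = 0xFE, 0xE0, 0xDA

# Assumed sniff heuristics: a real browser's tag list is longer than this.
HTML_TOKENS = (b"<html", b"<head", b"<body", b"<script",
               b"<!doctype", b"<title", b"<iframe")
SNIFF_WINDOW = 256


def segment(marker, payload):
    """Encode one marker segment: FF <marker> <BE16 length incl. itself> payload."""
    if len(payload) + 2 > 0xFFFF:
        raise ValueError("segment payload too long")
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def jfif_app0():
    """Minimal JFIF 1.01 APP0: no density units, 1x1 density, no thumbnail."""
    return segment(APP0, b"JFIF\x00\x01\x01\x00" + struct.pack(">HH", 1, 1) + b"\x00\x00")


def build_polyglot(html):
    """SOI first (so magic-byte checks say image/jpeg), then the HTML in a COM
    segment so it sits inside the sniff window; no scan data (constructed)."""
    return SOI + segment(COM, html) + jfif_app0() + EOI


def walk_segments(data):
    """Return [(marker, start, end)] from SOI up to and including SOS or EOI.
    For SOS, `end` is where the entropy-coded scan data begins."""
    if data[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI")
    segs = [(0xD8, 0, 2)]
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte, skip
            pos += 1
            continue
        if marker == 0xD9:                 # EOI is standalone
            segs.append((marker, pos, pos + 2))
            return segs
        if pos + 4 > len(data):
            raise ValueError("truncated segment header at offset %d" % pos)
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        segs.append((marker, pos, end))
        pos = end
        if marker == SOS:                  # entropy-coded data follows; stop
            return segs
    raise ValueError("no SOS or EOI found")


def comment_payloads(data):
    """All COM segment bodies (skip FF marker + 2 length bytes)."""
    return [data[s + 4:e] for m, s, e in walk_segments(data) if m == COM]


def strip_comments(data):
    """Rebuild the file without COM segments, leaving scan data untouched."""
    segs = walk_segments(data)
    kept = b"".join(data[s:e] for m, s, e in segs if m != COM)
    return kept + data[segs[-1][2]:]


def looks_like_jpeg(data):
    return data[:3] == b"\xff\xd8\xff"


def looks_like_html(data, window=SNIFF_WINDOW):
    """Simplified sniffer: any HTML-ish tag in the first `window` bytes."""
    head = data[:window].lower()
    return any(tok in head for tok in HTML_TOKENS)


def safe_to_serve_as_jpeg(data):
    """Server-side gate: real JPEG magic, nothing HTML-like in the sniff
    window, and nothing HTML-like in any comment (a larger window elsewhere
    would otherwise still catch a comment placed later in the file)."""
    return (looks_like_jpeg(data)
            and not looks_like_html(data)
            and not any(looks_like_html(c, len(c)) for c in comment_payloads(data)))


if __name__ == "__main__":
    html = b"<html><body><script>alert(document.domain)</script></body></html>"
    poly = build_polyglot(html)
    print("jpeg magic:", looks_like_jpeg(poly), "sniffs as html:", looks_like_html(poly))
    print("safe before strip:", safe_to_serve_as_jpeg(poly),
          "after strip:", safe_to_serve_as_jpeg(strip_comments(poly)))
```

Stripping COM segments is the cheap fix for uploads; a sniffer with a bigger window could still be fed HTML through APPn segments or scan data, which is why the gate also refuses anything HTML-looking in the prefix. The general defense that arrived years after this thread is the `X-Content-Type-Options: nosniff` response header, which tells the browser to trust the declared Content-Type instead of guessing.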

