Vulnerability Development mailing list archives
Re: Infected jpeg files?
From: Oliver Bleutgen <meinbugtraq () gmx net>
Date: Sun, 11 Nov 2001 16:29:29 +0100
A possible hole that I can see goes as follows:
Certain browsers employ an algorithm that inspects the first few bytes of incoming content and if it looks like HTML displays as text/html even if the MIME type in the Content-Type: header says it is something else.
I suppose that such a browser, receiving a JPEG file constructed using COMment records etc. to make it look and parse enough like an HTML file to fool the browser (whilst also being a valid JPEG file), may well run embedded <script> tags etc.
Hehe, "certain browsers". We can really be specific:
http://msdn.microsoft.com/library/default.asp?url=/workshop/networking/moniker/overview/appendix_a.asp

It might be a good source to find out how to circumvent certain security measures in proxies. If I understand the description correctly, it might at least be possible to send my_picture.jpg to IE, with server-supplied mime-type application/octet-stream, which then is opened in Adobe Acrobat without user intervention, because it really is a PDF - but I didn't test it!

I don't like the fact that IE tries to be so damn clever in deciding what type a file really is...

cheers,
oliver
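A filter-side check for the two mismatches discussed in this message, as an added example that is not part of the original thread: it compares the declared Content-Type with the file signature and flags HTML-like markup in the leading bytes of non-HTML content. The 256-byte window, the marker list, the function names and the sample byte strings are assumptions made for illustration.

```python
import re

# Assumed inspection window; the thread only says "the first few bytes".
SNIFF_WINDOW = 256

# Well-known file signatures for the two types the thread mentions.
MAGIC = {
    "image/jpeg": b"\xff\xd8\xff",
    "application/pdf": b"%PDF-",
}

# Illustrative (assumed) list of markers a content-sniffing client may react to.
HTML_HINT = re.compile(rb"<\s*(html|head|body|script|title|!doctype)\b", re.I)


def sniff(data):
    """Return the type suggested by the leading bytes, or 'unknown'."""
    head = data[:SNIFF_WINDOW]
    for mime, magic in MAGIC.items():
        if head.startswith(magic):
            return mime
    return "unknown"


def audit(declared, data):
    """Return the reasons a body should be quarantined or re-labelled."""
    findings = []
    actual = sniff(data)
    if actual != "unknown" and actual != declared:
        findings.append(f"declared {declared} but magic bytes say {actual}")
    if declared in MAGIC and actual == "unknown":
        findings.append(f"declared {declared} but signature missing")
    if declared != "text/html" and HTML_HINT.search(data[:SNIFF_WINDOW]):
        findings.append("HTML-like markup in sniff window of non-HTML content")
    return findings


# Constructed sample inputs (not taken from the thread).
CLEAN_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
COMMENT = b"<html>constructed sample</html>"
# JPEG start-of-image followed by a COM (0xFFFE) segment carrying markup.
JPEG_WITH_MARKUP = b"\xff\xd8\xff\xfe" + (len(COMMENT) + 2).to_bytes(2, "big") + COMMENT
PDF_BODY = b"%PDF-1.4\n%constructed sample\n"

if __name__ == "__main__":
    print(audit("image/jpeg", CLEAN_JPEG))
    print(audit("image/jpeg", JPEG_WITH_MARKUP))
    print(audit("application/octet-stream", PDF_BODY))
```
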