Vulnerability Development mailing list archives

RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]


From: "Jason Coombs" <jasonc () science org>
Date: Mon, 2 Sep 2002 19:28:55 -1000

Everything and anything can already carry viruses.

The question is can they be told to execute? Most malicious bytes packed as
.ZIP files will just look like bad .ZIP files to WinZip, just as malicious
bytes packed as a .JPG will look just like a bad .JPG file to Internet
Explorer.

A virus packaged in a JPEG could help mount a successful heap overflow
attack where the difficulty is figuring out how to get EIP to point at your
malicious bytes, versus the more trivial difficulty of "where do you want
EIP to go today?" as with simpler-to-launch stack overflow attacks.

Sincerely,

Jason Coombs
jasonc () science org

-----Original Message-----
From: Roland Postle [mailto:mail () blazde co uk]
Sent: Monday, September 02, 2002 7:54 AM
To: vuln-dev () securityfocus com
Subject: GIFs Good, Flash Executable Bad [Was: Plain text files in
internet explorer]


GIFs can't exploit your system.  Flash files can, just like any executable.

This myth that static data files such as gifs, jpegs and zip files
/can't/ exploit your system really gets to me. Virus scanners continue
to scan only 'active' content, but some applications are in such
widespread use now that it's only a matter of time before a
vulnerability in say, Winzip's file handling, is exploited in a virus
that infects .zip files. Or a vulnerability in IE's jpeg module that
allows jpegs to carry viruses. It's not 'just like any executable', but
it's not automatically safe either.

- Blazde

