Vulnerability Development mailing list archives
RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]
From: "Dom De Vitto" <dom () DeVitto com>
Date: Mon, 2 Sep 2002 23:59:59 +0100
Right on. And I thought about this attack vector back in, ooooh, '93 (!) (back in the days when people said: "you *can't* catch a virus from just reading an email!" if they only knew what we know now.... :-( ) Yep, a datafile is just like interpreted pseudo code, no different to a flash file. I do think that that attack vector had been checked over to death, but then why does a particular .gif cause such woes for IE, as discussed in another thread....? Dom De Vitto -----Original Message----- From: Roland Postle [mailto:mail () blazde co uk] Sent: Monday, September 02, 2002 6:54 PM To: vuln-dev () securityfocus com Subject: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]
GIFs can't exploit your system. Flash files can, just like any executable.
This myth that static data files such as gifs, jpegs and zip files /can't/ exploit your system really gets to me. Virus scanners continue to scan only 'active' content, but some applications are in such widespread use now that it's only a matter of time before a vulnerability in say, Winzip's file handling, is exploited in a virus that infects .zip files. Or a vulnerability in IE's jpeg module that allows jpegs to carry viruses. It's not 'just like any executable', but it's not automatically safe either. - Blazde
Current thread:
- Re: Plain text files in internet explorer, (continued)
- Re: Plain text files in internet explorer Magnus Bodin (Sep 02)
- Re: Plain text files in internet explorer Dan Kaminsky (Sep 02)
- Re: Plain text files in internet explorer Philip Rowlands (Sep 02)
- Re: Plain text files in internet explorer Dan Kaminsky (Sep 03)
- Re: Plain text files in internet explorer Helmut Springer (Sep 03)
- Re: Plain text files in internet explorer Marc Slemko (Sep 03)
- Re: Plain text files in internet explorer Daniel Newby (Sep 04)
- GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer] Roland Postle (Sep 02)
- RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer] Jason Coombs (Sep 03)
- Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer] Gerhard den Hollander (Sep 03)
- RE: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer] Dom De Vitto (Sep 03)
- Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer] Blue Boar (Sep 03)
- Re: Plain text files in internet explorer Bernie Cosell (Sep 02)
- Re: Plain text files in internet explorer Eric Rostetter (Sep 03)
- Re: Plain text files in internet explorer Bill Weiss (Sep 02)
- Re: Plain text files in internet explorer Pierre-Yves Bonnetain (Sep 06)
- RE: Plain text files in internet explorer Dom De Vitto (Sep 07)