Vulnerability Development mailing list archives
Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 03 Sep 2002 08:13:21 -0700
This is one of my favorite vulnerabilities:
http://online.securityfocus.com/bid/1503

It's an overflow in the JPEG handler in Netscape. I don't know of one for GIFs off the top of my head, but the same principle applies. If there's a viewer with a bug, then there is a possibility that it can be used to exploit the client.
BB

Roland Postle wrote:
GIFs can't exploit your system. Flash files can, just like any executable.

This myth that static data files such as gifs, jpegs and zip files /can't/ exploit your system really gets to me. Virus scanners continue to scan only 'active' content, but some applications are in such widespread use now that it's only a matter of time before a vulnerability in, say, Winzip's file handling is exploited in a virus that infects .zip files. Or a vulnerability in IE's jpeg module that allows jpegs to carry viruses. It's not 'just like any executable', but it's not automatically safe either.
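The point made in both messages above, as an added example that is not part of the original posts and not a reconstruction of the Netscape bug: a "static" JPEG carries length fields that a viewer has to validate before acting on them. The function and enum names and the sample bytes are constructed for this illustration; the checks rely only on the JPEG rule that a segment's 2-byte length counts itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (names are this example's own, not from any library). */
enum jpeg_check { JPEG_OK, JPEG_NO_SOI, JPEG_BAD_MARKER,
                  JPEG_LEN_TOO_SMALL, JPEG_LEN_PAST_END, JPEG_TRUNCATED };

/* Walk the marker segments from SOI up to SOS or EOI and validate every
 * declared length before a decoder would act on it. */
enum jpeg_check jpeg_check_segments(const uint8_t *buf, size_t n)
{
    if (n < 2 || buf[0] != 0xFF || buf[1] != 0xD8)
        return JPEG_NO_SOI;
    size_t off = 2;
    while (n - off >= 2) {
        if (buf[off] != 0xFF)
            return JPEG_BAD_MARKER;
        uint8_t marker = buf[off + 1];
        if (marker == 0xFF) { off += 1; continue; }   /* fill byte before a marker */
        off += 2;
        if (marker == 0xD9 || marker == 0xDA)         /* EOI, or SOS: scan data follows */
            return JPEG_OK;
        if (marker == 0x01 || (marker >= 0xD0 && marker <= 0xD7))
            continue;                                 /* markers with no length field */
        if (n - off < 2)
            return JPEG_TRUNCATED;
        size_t len = ((size_t)buf[off] << 8) | buf[off + 1];
        if (len < 2)        /* length counts its own 2 bytes; len - 2 would wrap */
            return JPEG_LEN_TOO_SMALL;
        if (len > n - off)  /* segment claims more bytes than the file holds */
            return JPEG_LEN_PAST_END;
        off += len;
    }
    return JPEG_TRUNCATED;  /* ran out of data before SOS/EOI */
}

/* Constructed sample inputs: SOI, one COM (0xFFFE) segment, EOI. */
static const uint8_t sample_ok[]    = {0xFF,0xD8, 0xFF,0xFE, 0x00,0x04, 'h','i', 0xFF,0xD9};
static const uint8_t sample_short[] = {0xFF,0xD8, 0xFF,0xFE, 0x00,0x01, 0xFF,0xD9};
static const uint8_t sample_long[]  = {0xFF,0xD8, 0xFF,0xFE, 0x10,0x00, 'h','i', 0xFF,0xD9};

int main(void)
{
    printf("ok=%d short=%d long=%d\n",
           (int)jpeg_check_segments(sample_ok, sizeof sample_ok),
           (int)jpeg_check_segments(sample_short, sizeof sample_short),
           (int)jpeg_check_segments(sample_long, sizeof sample_long));
    return 0;
}
```

A decoder that skips either length check and copies `len - 2` bytes into a fixed buffer is the kind of viewer bug the messages describe; a scanner that ignores "inactive" file types never sees the malformed field.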