Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer]

From: FX <fx () phenoelit de>
Date: Tue, 3 Sep 2002 09:55:05 +0200
Or a vulnerability in IE's jpeg module that
allows jpegs to carry viruses. It's not 'just like any executable', but
it's not automatically safe either.


Attacks using malformed .ICO files are quite simple. Actually, IE on Windows
9x (or everything else using Win9x icon rendering functions) is vulnerable.
Some image viewers could be exploited by something like this (tested on
InfraView). 
Details: http://www.darklab.org/archive/msg00100.html

yours truly,
FX
-- 
         FX           <fx () phenoelit de>
      Phenoelit   (http://www.phenoelit.de)
672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564
Previous By Date Next
Previous By Thread Next

Current thread: