-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 12:18 PM 11/9/2001 -0800, H C wrote: >Got any references for any of these comments? I >remember the "Chasing the Wind" series having some >mention of embedding JavaScript in the comments fields >of GIF files, but (a) that's a fictional series, and >(b) I never saw a follow-on installment that addressed >the situation. The only thing that I remember regarding possible exploitation of malformed .jpeg documents was some issue with Netscape in particular... Here is one advisory: http://www.openwall.com/advisories/OW-002-netscape-jpeg.txt And another regarding SuSE: http://www.linuxsecurity.com/advisories/suse_advisory-652.html Of course, googles of "Netscape JPEG" and SF Searches yield lots. HTH AD -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBO+xhJohsmyD15h5gEQKrXQCfbDIkK/pxvhD7co1rIIqG0lMwcZkAnjbD wZSpfpTnTTWFlTRlXpxrPAkJ =D9C4 -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Nov 09 2001 - 15:26:46 PST