Everything and anything can already carry viruses. The question is can they be told to execute? Most malicious bytes packed as .ZIP files will just look like bad .ZIP files to WinZip, just as malicious bytes packed as a .JPG will look just like a bad .JPG file to Internet Explorer. A virus packaged in a JPEG could help mount a successful heap overflow attack where the difficulty is figuring out how to get EIP to point at your malicious bytes, versus the more trivial difficulty of "where do you want EIP to go today?" as with simpler-to-launch stack overflow attacks. Sincerely, Jason Coombs jasoncat_private -----Original Message----- From: Roland Postle [mailto:mailat_private] Sent: Monday, September 02, 2002 7:54 AM To: vuln-devat_private Subject: GIFs Good, Flash Executable Bad [Was: Plain text files in internet explorer] > GIFs can't exploit your > system. Flash files can, just like any executable. This myth that static data files such as gifs, jpegs and zip files /can't/ exploit your system really gets to me. Virus scanners continue to scan only 'active' content, but some applications are in such widespread use now that it's only a matter of time before a vulnerability in say, Winzip's file handling, is exploited in a virus that infects .zip files. Or a vulnerability in IE's jpeg module that allows jpegs to carry viruses. It's not 'just like any executable', but it's not automatically safe either. - Blazde
This archive was generated by hypermail 2b30 : Tue Sep 03 2002 - 08:08:13 PDT