_JPEG_ exploit?!
Strata R. Chalup
strata at virtual.net
Wed Sep 15 19:43:23 PDT 2004
I think it's likely to have something to do with extension shuffling, or
misleading extension types. Remember that flap about how one could have
attachments whose display name was foo.jpg and whose (?)resource(?) name
was foo.jpg but whose (?) file_handler name was foo.exe?
Eg, looking at the file, for large values of 'looking' cause one to see
an innocuous extension, but when the file was passed off to the file
handler to be opened by an application, it was actually an executable or
similar.
A quick google got me this helpful page, which while not immediately up
to date gives the gist of the problem quite clearly:
http://www.geocities.com/ResearchTriangle/Lab/1131/eng/safe.html
cheers,
Strata
Rick Moen wrote:
> Quoting Jim Hickstein (jxh at jxh.com):
>
>
>>Well, lots of other programs are implicated, that don't (I suppose) touch
>>MIME.
>
>
> You'd think, but that might well not be the case: Lots of other programs
> tend to be dragged in through MS's component-software facilities.
>
>
>>Something I saw said "buffer overrun", which does start to add up.
>
>
> Pity the "FAQ" doesn't address any of the questions that one would
> reasonably ask.
>
>
--
========================================================================
Strata Rose Chalup [KF6NBZ] strata "@" virtual.net
VirtualNet Consulting http://www.virtual.net/
** Project Management & Architecture for ISP/ASP Systems Integration **
=========================================================================
More information about the Baylisa
mailing list