_JPEG_ exploit?!
Danny Howard
dannyman at toldme.com
Fri Sep 17 06:03:41 PDT 2004
On Thu, Sep 16, 2004 at 02:27:44PM -0700, Rick Moen wrote:
> Quoting Strata R. Chalup (strata at virtual.net):
>
> > I think it's likely to have something to do with extension
> > shuffling, or misleading extension types.
>
> Exactly what I had in mind.
>
> Microsoft Corp. has a longstanding habit of relying on filename
> extensions of untrustworthy files received from remote to determine
> what to consider those files to contain (and what viewer / editor to
> hand them off to) rather than either examining the file directly or
> using MIME type information.

Uhhhh, *scratches head* ... but, how is an untrusted MIME header less
threatening than an untrusted file extension? (And yeah, we all know
about the exploit.jpg.exe silliness.)

> This has gotten them into deep trouble repeatedly, and I'd be not at
> all surprised to hear that it's still happening.

I thought it was maybe writing to memory without bounds-checking that
might get them in trouble, and this activity being a byproduct of their
questionable architectural choices, meshing the web browser with the
Operating System. But I am not a software engineer, and I do not work
for Microsoft. ;)

-danny
--
http://dannyman.toldme.com/