_JPEG_ exploit?!

Danny Howard dannyman at toldme.com
Fri Sep 17 06:03:41 PDT 2004


On Thu, Sep 16, 2004 at 02:27:44PM -0700, Rick Moen wrote:
> Quoting Strata R. Chalup (strata at virtual.net):
> 
> > I think it's likely to have something to do with extension
> > shuffling, or misleading extension types.  
> 
> Exactly what I had in mind.
> 
> Microsoft Corp. has a longstanding habit of relying on filename
> extensions of untrustworthy files received from remote to determine
> what to consider those files to contain (and what viewer / editor to
> hand them off to) rather than either examining the file directly or
> using MIME type information.  

Uhhhh, *scratches head* ... but, how is an untrusted MIME header less
threatening than an untrusted file extension?  (And yeah, we all know
about the exploit.jpg.exe silliness.)

> This has gotten them into deep trouble repeatedly, and I'd be not at
> all surprised to hear that it's still happening. 

I thought it was maybe writing to memory without bounds-checking that
might get them in trouble, and this activity being a byproduct of their
questionable architectural choices, meshing the web browser with the
Operating System.  But I am not a software engineer, and I do not work
for Microsoft. ;)

-danny

-- 
http://dannyman.toldme.com/
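
The three signals this thread compares (filename extension, declared MIME type, and the file's own leading bytes), as an added example that is not part of the original message. The function names, lookup tables and sample inputs are constructed for illustration.

```python
import os

# Leading-byte signatures for a few common formats (well-known magic numbers).
MAGIC = [
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"MZ", "application/x-msdownload"),  # DOS/PE executable header
]

EXT_TO_MIME = {
    ".jpg": "image/jpeg", ".jpeg": "image/jpeg",
    ".png": "image/png", ".gif": "image/gif",
    ".exe": "application/x-msdownload",
}


def sniff(data):
    """Return the type implied by the content's leading bytes, or None."""
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    return None


def classify(filename, declared_mime, data):
    """Compare the two sender-controlled labels against the content itself."""
    ext = os.path.splitext(filename.lower())[1]  # last extension only
    by_ext = EXT_TO_MIME.get(ext)
    by_content = sniff(data)
    findings = []
    if by_content is None:
        findings.append("unrecognized content")
    if by_ext != by_content:
        findings.append("extension disagrees with content")
    if declared_mime != by_content:
        findings.append("declared MIME type disagrees with content")
    return by_content, findings


# Constructed samples: (filename, declared MIME type, first bytes of the body).
SAMPLES = [
    ("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("exploit.jpg.exe", "image/jpeg", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("holiday.jpg", "image/jpeg", b"MZ\x90\x00\x03\x00\x00\x00"),
]

if __name__ == "__main__":
    for name, mime, body in SAMPLES:
        print(name, classify(name, mime, body))
```

Agreement between the labels and the signature only shows the file is the type it claims to be; whether the decoder that then parses it checks its bounds is a separate question.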


