Linux Users' Group of Davis (LUGOD)
Page last updated:
2004 Jun 25 16:06

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] More IE exploits

On Fri, Jun 25, 2004 at 03:46:12PM -0700, Bill Kendrick wrote:
> On Fri, Jun 25, 2004 at 03:36:21PM -0700, Rod Roark wrote:
> > Actually... looking at both stories and taking them at face
> > value, it appears these are two entirely different security
> > holes.
> 
> Yeah, upon further inspection, I was a little confused, too.
> Of course, the BBC said people are inserting Javascript
> 'into GIF and JPG files', which makes no sense whatsoever...
> 
> Unless IE is being particularly dumb with something like:
> 
>   <img src="http://badguy.com/malware.js">

I don't know what the problem is with this particular hole, but IE
historically has lots of problems with guessing a file's type based
on extension and mixing that up with the MIME type. 

For example, IE had a security hole some time ago involving
background sounds; if you specified bgsound="evil.js" in a web page
and the server said its MIME type was a MIDI file, IE would decide
to play the file and hand it off to a local player thread. 

Well, that thread would look at the extension and execute evil.js as
JavaScript in the local security zone. 

I undoubtedly have some of the details wrong, but the general idea
is there.

-- 
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
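The extension-versus-declared-type disagreement Samuel describes (a script named evil.js announced as a MIDI file) is something a server or proxy can flag before any client has to guess. The following is an added example, not code from the thread; the signature table and extension map are constructed for illustration, and `X-Content-Type-Options: nosniff` is a later mitigation that did not exist in 2004.

```python
import os

# Constructed signature table: leading bytes a file of the declared type
# must begin with. Only the types this example needs are listed.
MAGIC = {
    "audio/midi": [b"MThd"],
    "image/gif": [b"GIF87a", b"GIF89a"],
    "image/jpeg": [b"\xff\xd8\xff"],
}

# Constructed extension map; a real server takes this from its MIME config.
EXT_TO_TYPE = {
    ".mid": "audio/midi", ".midi": "audio/midi",
    ".gif": "image/gif", ".jpg": "image/jpeg", ".jpeg": "image/jpeg",
    ".js": "application/javascript",
}


def content_matches(declared_type, head):
    """True/False if the leading bytes do/don't carry the declared type's
    signature, None if no signature is known for that type."""
    sigs = MAGIC.get(declared_type)
    if sigs is None:
        return None
    return any(head.startswith(sig) for sig in sigs)


def check_response(filename, declared_type, head):
    """Return the inconsistencies between file name, declared Content-Type and
    actual leading bytes (empty list means consistent). This is exactly the
    disagreement a sniffing browser would otherwise resolve by guessing."""
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    expected = EXT_TO_TYPE.get(ext)
    if expected is not None and expected != declared_type:
        findings.append(f"extension {ext} implies {expected}, header says {declared_type}")
    if content_matches(declared_type, head) is False:
        findings.append(f"body lacks the {declared_type} signature")
    return findings


def hardened_headers(declared_type):
    """Headers that leave the client nothing to guess: an explicit type plus
    nosniff, which tells modern browsers to trust the declared type only."""
    return {"Content-Type": declared_type, "X-Content-Type-Options": "nosniff"}


if __name__ == "__main__":
    # The case from the post: a script named evil.js announced as a MIDI file.
    for finding in check_response("evil.js", "audio/midi", b"document.write('x')"):
        print("mismatch:", finding)
    print(hardened_headers("audio/midi"))
```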


_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox

