in reply to Re^2: security: making sure graphics uploaded by users are safe
in thread security: making sure graphics uploaded by users are safe
The only plausible way to make a jpg/png file malicious is to trick the destination system into thinking that some 'extra' processing is required for the file type. For example, if you modify the registry to change the default behavior associated with double-clicking on a jpg file, so that it is treated differently, then all bets are off. As I originally stated, this requires some other malware execute first.
Notice I did not include gif format in here. The gif standard allows for animations, which means there is an 'executable' aspect to the file. While I believe the scope of what can be executed within a gif is very limited, I don't know enough about it to say for sure that it could not be hijacked for nefarious purposes
fnord
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^4: security: making sure graphics uploaded by users are safe
by gwadej (Chaplain) on Sep 30, 2009 at 17:16 UTC |