Prev Previous Post   Next Post Next
Old 12-05-2013, 02:20 AM
Sleep mode zZ Sleep mode zZ is offline
Join Date: Apr 2012
Location: Tampere, Finland
Posts: 112

Originally Posted by saratoga View Post
No its not possible to insert malware into images like that. Generally you have to download something and run it, or be running an older browser that has unpatched java/javascript/flash/etc holes that enable remote execution. So at very least you'd have to connect to the webserver itself, download a file, begin running javascript, flash or something like that. JPEG is too simple, theres no way to hide malicious code in it.
The Microsoft vulnerability that I referred to was the Windows Metafile vulnerability from late 2005, patched in a few days after becoming public. I'm not sure if other browser than Internet Explorer were vulnerable. There also seems to been a JPEG buffer overflow vulnerability in GDI+ in 2004, making it possible to infect the computer with a picture displayed in Internet Explorer. These are old news and not relevant anymore. On the other hand, there was this year a vulnerability in older Office programs to specially crafted TIFF images.
Reply With Quote


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -5. The time now is 04:38 PM.