[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability
From: Nils Ketelsen <nils@xxxxxxxxxxxxxxxxxx>
Date: Wed, 12 Jan 2005 16:51:50 -0500

On Wed, Jan 12, 2005 at 12:37:42PM -0800, Steven Rakick wrote:
> This would mean that if an image exploiting the
> recently announced Microsoft LoadImage API overflow
> were imbedded into HTML email there would be zero
> defense from the network layer as it would be
> completely invisible.

Yes. I am planning to test, what that means to all those content filtering
proxies. I have found one product that claims to be able to block "MIME
content in HTML", I think they are referring to RfC2397 with that. 

> 
> Why am I not seeing more about this in the press? It
> seems pretty threatening to me...

Internet Explorer does not Implement RfC2397. That means it is interesting
for a far smaller audience. ;-)

Nils
-- 
Nils Ketelsen  // Mississauga, Canada
43° 35' 13"N, 79° 38' 23"W
mailto:`#!/bin/sh`@druecke.strg-alt.entf.org
http://druecke.strg-alt-entf.org/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability
  - From: Steven Rakick

Prev by Date: RE: [Full-Disclosure] PoC to be released on 01/20/05
Next by Date: Re: [Full-Disclosure] T-Mobile Hacker and server vulnerabilities
Previous by thread: Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability
Next by thread: Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability
Index(es):
- Date
- Thread