[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
From: dk <dk@xxxxxxxxxxxxxxxx>
Date: Mon, 24 Jan 2005 19:16:59 -0600

Paul Kurczaba wrote:

Wouldn't the phone try to open the jpg file as a picture, and not execute
it. Just like on desktop PCs: if you rename a .exe (application/program) to
a jpg (picture file), and try to open the file, your image program will open
the file, thinking it is a image file. The application code will not be
executed.

Just because one peculiar desktop OS for PC's (MS' variety) chooses this action does not indicate that others do; especially where embedded systems are concerned. There are many ways it can be done.

--
dk


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
  - From: Paul Kurczaba

Prev by Date: [Full-Disclosure] iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability
Next by Date: Re: [Full-Disclosure] blocking SkyPE?
Previous by thread: Re: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
Next by thread: [Full-Disclosure] DIMVA 2005 - Final Call for Papers
Index(es):
- Date
- Thread