lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20050112215150.GA21636@h8000.serverkompetenz.net>
From: nils at steering-group.net (Nils Ketelsen)
Subject: Multi-vendor AV gateway image inspection bypass
	vulnerability

On Wed, Jan 12, 2005 at 12:37:42PM -0800, Steven Rakick wrote:
> This would mean that if an image exploiting the
> recently announced Microsoft LoadImage API overflow
> were imbedded into HTML email there would be zero
> defense from the network layer as it would be
> completely invisible.

Yes. I am planning to test, what that means to all those content filtering
proxies. I have found one product that claims to be able to block "MIME
content in HTML", I think they are referring to RfC2397 with that. 

> 
> Why am I not seeing more about this in the press? It
> seems pretty threatening to me...

Internet Explorer does not Implement RfC2397. That means it is interesting
for a far smaller audience. ;-)

Nils
-- 
Nils Ketelsen  // Mississauga, Canada
43? 35' 13"N, 79? 38' 23"W
mailto:`#!/bin/sh`@...ecke.strg-alt.entf.org
http://druecke.strg-alt-entf.org/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ