[Esd-l] MIME types and magic
John D. Hardin
jhardin at impsec.org
Sun Sep 8 09:04:01 PDT 2002
All:
I just got a message that had an attachment with MIME type
"application/octet-stream" named "whatever.gif" (the actual name part
doesn't matter, but the .gif is significant).
It wasn't, of course, sanitized, since .GIF is considered "safe".
The attachment was actually a Windows executable.
Is Windows checking file magic on generic MIME types? I wouldn't
expect this to be a successful attack if Windows fires off an image
viewer based on the filename.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
101 days until The Two Towers
More information about the esd-l
mailing list