Full Disclosure mailing list archives
Re: Multi-vendor AV gateway image inspection bypass vulnerability
From: Nils Ketelsen <nils () steering-group net>
Date: Wed, 12 Jan 2005 16:51:50 -0500
On Wed, Jan 12, 2005 at 12:37:42PM -0800, Steven Rakick wrote:
This would mean that if an image exploiting the recently announced Microsoft LoadImage API overflow were imbedded into HTML email there would be zero defense from the network layer as it would be completely invisible.
Yes. I am planning to test, what that means to all those content filtering proxies. I have found one product that claims to be able to block "MIME content in HTML", I think they are referring to RfC2397 with that.
Why am I not seeing more about this in the press? It seems pretty threatening to me...
Internet Explorer does not Implement RfC2397. That means it is interesting for a far smaller audience. ;-) Nils -- Nils Ketelsen // Mississauga, Canada 43° 35' 13"N, 79° 38' 23"W mailto:`#!/bin/sh`@druecke.strg-alt.entf.org http://druecke.strg-alt-entf.org/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Multi-vendor AV gateway image inspection bypass vulnerability Darren Bounds (Jan 10)
- Re: Multi-vendor AV gateway image inspection bypass vulnerability Jeff Gillian (Jan 11)
- Re: Multi-vendor AV gateway image inspection bypass vulnerability - KMail Noam Rathaus (Jan 12)
- Re: Multi-vendor AV gateway image inspection bypass vulnerability Danny (Jan 11)
- Re: Multi-vendor AV gateway image inspection bypass vulnerability Darren Bounds (Jan 11)
- <Possible follow-ups>
- Re: Multi-vendor AV gateway image inspection bypass vulnerability Steven Rakick (Jan 11)
- Re: Multi-vendor AV gateway image inspection bypass vulnerability Steven Rakick (Jan 12)
- Re: Multi-vendor AV gateway image inspection bypass vulnerability Nils Ketelsen (Jan 12)
- Re: Multi-vendor AV gateway image inspection bypass vulnerability Frank Knobbe (Jan 12)
- Re: Multi-vendor AV gateway image inspection bypass vulnerability Steven Rakick (Jan 12)
- Re: Multi-vendor AV gateway image inspection bypass vulnerability Frank Knobbe (Jan 12)
- Re: Multi-vendor AV gateway image inspection bypass vulnerability Jeff Gillian (Jan 11)