funsec mailing list archives
RE: Format of embedded graphics
From: "Discini, Sonny" <Sonny.Discini () montgomerycountymd gov>
Date: Thu, 29 Dec 2005 09:11:45 -0500
It came through formatted as HTML to me...I have unregistered
shimgvw.dll per the Microsoft work-around and the .gif came through as
an attachment, the placeholder in the email is the 'can't view the
graphic' red X box.
Marc D'Aloisio, CISSP
Network Security Analyst; Security Incident Response
State of Connecticut - Department of Information Technology
Most of you, I suspect, read e-mail as plain text. For
experimental purposes this message is sent as HTML with a graphic
embedded with a question
<outbind://218-000000005384F517C8AD9748884180DED30A6CDAA4615401/http://w
ww.larryseltzer.com/testimage.gif>
This graphic was a non-malicious WMF file that I renamed
.GIF and embedded.
So what happens to the format of such a graphic when
embedded in an HTML e-mail? Is it forced to GIF or JPG, or is it perhaps
still a WMF and potentially malicious?
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/ <http://security.eweek.com/>
http://blog.ziffdavis.com/seltzer
<http://blog.ziffdavis.com/seltzer>
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com
I have made no changes to my system and I see the
graphic displayed the same way, a red X placeholder.
Sonny Discini, Senior Network Security Engineer
Department of Technology Services
Enterprise Infrastructure Division
Montgomery County Government
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Format of embedded graphics D'Aloisio, Marc (Dec 29)
- <Possible follow-ups>
- RE: Format of embedded graphics D'Aloisio, Marc (Dec 29)
- RE: Format of embedded graphics Discini, Sonny (Dec 29)