WebApp Sec mailing list archives
Betr.: detecting malicious image file
From: "Philip Wagenaar" <p.wagenaar () accon nl>
Date: Mon, 07 Feb 2005 16:51:33 +0100
Yes it does look like a normal image. And I know that sygate personal firewall (pro) detects them if load one in internet explorer when a website hosts such an image. www.packetstormsecurity.com has a few exploits, I believe they were in c++ (I got them to compile in vs.net 2003). Exploits are c++ source code, so that should give you a pretty clear image <-- :-) of how to reconize such an image. Met vriendelijke groet, (Philip) Wagenaar Assistent ICT Projecten & Advies AccoN Accountants & Adviseurs ICT Projecten & Advies Postbus 5090 6802 EB Arnhem The Netherlands tel. +31 (0)26-3842384 fax. +31 (0)26-3630222 mobile: +31 (0)6-25388935 MSN/E-mail: p.wagenaar () accon nl http://www.accon.nl
"Weiler, Jim" <Jim.Weiler () Staples com> 07-02-05 15:42 >>>
Does anyone know how to detect an image file (.jpg or .bmp or .gif file regardless of extension) that has the buffer overflow exploit (MS04-028) in it? If you open it with any image editor does it work like a regular image? Jim Weiler Staples North American Application Services Application Architect 508 2533884 ################################################################## Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde. De informatie hierin is vertrouwelijk, zodat het derden niet is toegestaan om daarvan kennis te nemen of dit te verstrekken aan andere derden. Indien u dit e-mail bericht ontvangt terwijl het niet voor u bestemd is, verzoeken wij u contact op te nemen met de afzender en de informatie te verwijderen van iedere computer. Bij voorbaat dank. ================================================================== The information transmitted in this e-mail is intended only for the person or entity to which it is addressed and contains confidential information. Any review, retransmission or other use by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Thank you. ################################################################## ##################################################################################### This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal #####################################################################################
Current thread:
- Betr.: detecting malicious image file Philip Wagenaar (Feb 07)