MS04-028 trojan - a customer written A-V engine
John Wilcock
john at TRADOC.FR
Tue Sep 28 12:25:35 IST 2004
On Tue, 28 Sep 2004 12:08:16 +0100, Quentin Campbell wrote:
> PS. Why can't we simply block JPEGs using an existing MS mechanism? Well
> it is more likely that a JPEG carrying this exploit will be embedded in
> Word docs and other file types rather than appear as a JPEG attachment
> to a message.
Indeed, anyone thinking of blocking jpeg attachments using existing
MailScanner methods should be advised that the Microsoft DLL involved
handles various graphic file formats, deciding which is which on the
fly, and that it is therefore possible to trigger the exploit using a
jpeg file renamed as .tif, .bmp or whatever...
John.
--
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list