[X-Unix] Security update for the PNG exploit

Stroller MacMonster at myrealbox.com
Tue Aug 10 02:07:20 PDT 2004


On Aug 10, 2004, at 5:56 am, James Bucanek wrote:

> PJ Bearstein wrote on Monday, August 9, 2004:
>> Is the PNG exploit a proof of concept thingy? I don't see how a
>> graphics format can allow malicious things to affect Macs.
>
> Most buffer overflow type exploits can be used to execute malicious 
> code.  To fall victim, your system has to be in a position which 
> allows a remote user the ability to upload, then render, a maliciously 
> constructed PNG image.
>
> Which isn't that hard.  Someone could direct you to a web page that 
> contained an infected PNG file...

Like this one <http://scary.beasts.org/misc/pngtest_bad.png>

Stroller.



More information about the X-Unix mailing list