[X-Unix] Security update for the PNG exploit
Stroller
MacMonster at myrealbox.com
Tue Aug 10 02:07:20 PDT 2004
On Aug 10, 2004, at 5:56 am, James Bucanek wrote:
> PJ Bearstein wrote on Monday, August 9, 2004:
>> Is the PNG exploit a proof of concept thingy? I don't see how a
>> graphics format can allow malicious things to affect Macs.
>
> Most buffer overflow type exploits can be used to execute malicious
> code. To fall victim, your system has to be in a position which
> allows a remote user the ability to upload, then render, a maliciously
> constructed PNG image.
>
> Which isn't that hard. Someone could direct you to a web page that
> contained an infected PNG file...
Like this one <http://scary.beasts.org/misc/pngtest_bad.png>
Stroller.
More information about the X-Unix
mailing list