[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Email based attack on University

On Wed 02 Oct 2019 at 12:47:13 (-0400), Carl Fink wrote:
> On Wed, Oct 02, 2019 at 05:55:32PM +0200, ??tienne Mollier wrote:
> > I don't believe MP3 allows executable code by specifications
> > either, so shouldn't the PNG image format.  But think of DSA
> > 4435 which affected libpng earlier this year.  When the OS
> > library for handling multimedia has flaws, if an HTML email
> > embeds a specifically crafted PNG image inlined in the content,
> > then you wouldn't even have to hit the ???preview??? button to be
> > screwed:
> That would logically apply to ASCII text as well.

I'm not sure why an ASCII email would be handed to a multimedia library.


Reply to: