Re: Email based attack on University
On Wed 02 Oct 2019 at 12:47:13 (-0400), Carl Fink wrote:
> On Wed, Oct 02, 2019 at 05:55:32PM +0200, ??tienne Mollier wrote:
>
> > I don't believe MP3 allows executable code by specifications
> > either, so shouldn't the PNG image format. But think of DSA
> > 4435 which affected libpng earlier this year. When the OS
> > library for handling multimedia has flaws, if an HTML email
> > embeds a specifically crafted PNG image inlined in the content,
> > then you wouldn't even have to hit the ???preview??? button to be
> > screwed:
>
> That would logically apply to ASCII text as well.
I'm not sure why an ASCII email would be handed to a multimedia library.
Cheers,
David.
Reply to: