Re: Email based attack on University
On Wed, Oct 02, 2019 at 11:57:50AM -0500, David Wright wrote:
> On Wed 02 Oct 2019 at 12:47:13 (-0400), Carl Fink wrote:
> > On Wed, Oct 02, 2019 at 05:55:32PM +0200, ??tienne Mollier wrote:
> >
> > > I don't believe MP3 allows executable code by specifications
> > > either, so shouldn't the PNG image format. But think of DSA
> > > 4435 which affected libpng earlier this year. When the OS
> > > library for handling multimedia has flaws, if an HTML email
> > > embeds a specifically crafted PNG image inlined in the content,
> > > then you wouldn't even have to hit the ???preview??? button to be
> > > screwed:
> >
> > That would logically apply to ASCII text as well.
>
> I'm not sure why an ASCII email would be handed to a multimedia library.
Nor am I. But "multimedia" is an imposition here. Text is also rendered by
libraries.
--
Carl Fink nitpicking@nitpicking.com
Read John Grant's book, Corrupted Science: http://a.co/9UsUoGu
Dedicated to ... Carl Fink!
Reply to: