[quote='zanthor',index.php?page=Thread&postID=64655 #post64655]Learn what file extensions do what... a .JPG is harmless, a .exe or .com or .vbs aren't... the list goes on... .zip.exe will .bend.you.over while a .zip is harmless (though it may contain nastyness.)
[/quote]I have to disagree with that statement. "Picture" files have recently become a more common attack vector for hackers. To quote Microsoft from the April security alert (aka: patch Tuesday):
[font="]Bulletin Identifier[/font]
[font="]Microsoft Security Bulletin MS08-021[/font]
[b]Bulletin Title[/b]
[url='http://go.microsoft.com/fwlink/?LinkId=111955']Vulnerabilities in GDI Could Allow Remote Code Execution (948590)[/url]
Executive Summary
This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Maximum Severity Rating
Critical
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. The update requires a restart.
Affected Software
Microsoft Windows. For more information, see the Affected Software and Download Locations section.
Reply With Quote
Connect With Us