I'm sure you've heard of viruses and worms going around the Internet, but did you hear about the virus hidden in image files?
A long time ago, in a land far away, some creative programmer discovered that that early version of Internet Exploder Explorer allowed code in an image file to be executed. To be specific, the metadata (information about the image file that is never shown) can contain a larger amount of data than expected, causing a memory buffer overflow situation. Skilled programmers can inject a virus into that large data and place it in such a way that the OS will execute the code.
Suddenly, people had to worry about simply viewing an image sent to them in email or on a website. It took Microsoft several years to plug this particular security hole, and I think it still exists if you're running IE 5.0 or 5.5 (because these versions never got fixed).
Imagine, though, what you could do with a special picture that secretly runs code on a target computer. Bwahahahaha!!!
No comments:
Post a Comment
Feel free to agree or disagree, just be polite.