Coffeehouse Post

Single Post Permalink

View Thread: Image Blocking in Outlook (+ Express)
  • User profile image

    Notice..this is only my thinking.. I am a regular at Defcon.. hear me out..

    jamie wrote:

    can a jpg actually carry a virus

    Well.. if a JPG were to carry a virus.. one of three things would happen

    1) The jpg would be embedded with information that would cause a buffer overflow in the program that is utilizing jpg compression/decompression (only problem with that, is that JPG compression has been around for a while, its hard to screw up).. THEN.. after that, the jpg would have to inject executable code (inside of itself) onto the call stack.. (which in .net is not possible).. once that happens then the code would "execute"..

    2) You could create an executable that "acts" like a jpg file, yet is really an executable.. somehow you'd have to cause execution to happen, which is hard to do if your system automatically sends a jpg image to a image processing program.

    3) Like #1, you could exploit jpg decompression and cause an overflow, in just the decompression itself, rather than the host program.. but this falls under the same conditions as #1.

    Either way, you'd have to trick the client into believing that the strangely large file size of the image is "normal".. and somehow hijack the system..

    very unlikely..