I've never seen this before but I just noticed when opening an email message in gmail that I had already read previously that it didn't open the message and IE8 status bar displayed that was trying to load an image from gmail host just when it hung, the HDD was quite active while IE was frozen up to terminating it (Ideally I'd have suspended it but there's no easy way to suspend just the frozen IE without going to look it up in the task manager while it might be doing bad things, when IE hangs I just terminate immediately as it could be some attack trying to escape the browser given some time). I had to terminate the process and then when I went back to gmail to load the same message it loaded just fine and I noticed there was an image on the right side -
Is Google allowing 3rd party bitmaps in their advertisements but hosting them on the gmail server?
I could speculate that it was perhaps some 0day attack from a 3rd party bitmap data hosted by gmail, but I opt not to speculate such things, so lets leave that theory at that.
*giggle* You sure? Because I'm not. We've had GIF images that are Java JARs before.
If your browser runs the jar file when you <img src=""> it from a third party domain, then you need to get a new browser :/
Also 3rd party hosted bitmaps can't 0-day a website
There was also the JPEG handling vulnerability in GDI a few years ago.
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.