From: Micheal E. Jr <mi...@es...> - 2008-06-18 15:17:55
GrayHat wrote:
> Hmmm... not willing to "troll" or the like; but I saw in the past some hacks
> which leveraged "unzip applications" flaws causing buffer overflow and
> allowing to run code on the victim and in such cases all you needed was
> a specially crafted zip file; so I would avoid underestimating such
> files

But I did qualify that statement with:

"are typically benign or are unable to execute code on systems */running reasonably current versions/* of operating systems or with applications required to read or open the files."

and with:

"you will be required to */make your own best judgment/* depending on your environment and security requirements"