Hmmm you're sounding just like the people that were saying 'JPG is safe because its not executable' a while back. They seem to have all shut their mouths now....
There could very well be some form of overflow in Notepad.exe (although I admit there are probably so few lines of code in Notepad that this is unlikely ... But never say never ;) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Exibar Sent: Monday, November 15, 2004 10:45 PM To: Gerry Eisenhaur; Andrew Farmer Cc: Michael Rutledge; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Administrivia: Fool Disclosure can you convert it to plaintext for us please? I think that would work nicely.... no plain text vulns that I can think of... ----- Original Message ----- From: "Gerry Eisenhaur" <[EMAIL PROTECTED]> To: "Andrew Farmer" <[EMAIL PROTECTED]> Cc: "Michael Rutledge" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, November 15, 2004 1:37 PM Subject: Re: [Full-Disclosure] Administrivia: Fool Disclosure > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Why should we feel any better... > What about the libpng exploit... :) > > /gerry > > > Andrew Farmer wrote: > > | On 14 Nov 2004, at 09:19, Michael Rutledge wrote: > | > |> On Fri, 12 Nov 2004 17:50:14 -0500 (EST), Len Rose <[EMAIL PROTECTED]> > |> wrote: > |> > |>> I've been wanting to share this with people for a long time, > |>> as things wind down for me, I've (finally) decided to release this. > |>> > |>> http://www.netsys.com/images/fool-disclosure-logo.jpg > |> > |> > |> Anyone check this image for GDI+ exploit? lol > | > | > | Heh! Good point. > | > | It's clean. Here's a PNG version, if you're still feeling paranoid. > | > | http://tinypic.com/lzj1j > | > > - -- > +------------------------------------------------------+ > | Gerry Eisenhaur | | | > | Cisco Security Agent ||| ||| | > | Boxborough, Massachusetts .|||||. .|||||. | > | PGP Key: 0xC13E8AFC .:|||||||||:.:|||||||||:. | > | 978-936-0465 C i s c o S y s t e m s | > +------------------------------------------------------+ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.5 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFBmPeFRY7FIcE+ivwRAnXHAJsE3YC0nmR+L/vGq03p1pX0afXgaACg5dCz > jnFMTW2ILvSFY9SGl2HyKc0= > =UEtt > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html =========================================================== De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is alleen bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Hoewel Orange maatregelen heeft genomen om virussen in deze email of attachments te voorkomen, dient u ook zelf na te gaan of virussen aanwezig zijn aangezien Orange niet aansprakelijk is voor computervirussen die veroorzaakt zijn door deze email. The information contained in this message may be confidential and is intended to be only for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. Although Orange has taken steps to ensure that this email and attachments are free from any virus, you do need to verify the possibility of their existence as Orange can take no responsibility for any computer virus which might be transferred by way of this email. =========================================================== _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
