> BTW, you forgot to mention the possibility of a Code Red type of
> exploit where a worm crawls from server to server and installs its
> automatically infecting payload on the sites that it infects.

That's because I was only mentioning e-mail-driven infection vectors.
Browser-only attacks (spyware-driven, popups, whatever) are a whole
other piece of the pie, as are out-of-band worms and so on.

> I do a lot of graphic design work and haven't found a non-MS app yet
> that had a vulnerable version of GDI on all of the machines that I
> own.

We have noted Flash MX, which has a bad copy that could readily pose a
risk if it's in the PATH, even if not used by Flash itself. ("Although
some Macromedia products do install a vulnerable version of
gdiplus.dll, no Macromedia product uses this Microsoft graphics
library to process JPEG images, therefore there is no security risk.")

And, though we don't use it, many cross-platform Mac/PC shops do use
FileMaker Pro 7, which ships with a bad copy.

--Sandy


------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
------------------------------------
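
An added example, not part of the original message: a Python sketch that inventories every copy of gdiplus.dll in the PATH directories, in search order, and reads each file version straight from the VS_FIXEDFILEINFO structure in the file's version resource. The minimum fixed version is an assumption you supply from the vendor's bulletin (the message does not state one), and the function names are hypothetical.

```python
import os
import struct

# VS_FIXEDFILEINFO.dwSignature as it is stored in a PE version resource.
FIXEDFILEINFO_SIG = struct.pack("<I", 0xFEEF04BD)

def file_version(data):
    """Return (major, minor, build, revision) from the first VS_FIXEDFILEINFO, or None."""
    pos = data.find(FIXEDFILEINFO_SIG)
    if pos < 0 or pos + 16 > len(data):
        return None  # no version resource, or the file is truncated
    # Layout: dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS
    _, _, ms, ls = struct.unpack_from("<4I", data, pos)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)

def find_copies(dirs, name="gdiplus.dll"):
    """Yield (path, version) for each copy of `name` in `dirs`, keeping search order."""
    seen = set()
    for d in dirs:
        key = os.path.normcase(os.path.abspath(d))
        if key in seen or not os.path.isdir(key):
            continue  # skip duplicate and stale PATH entries
        seen.add(key)
        for entry in sorted(os.listdir(key)):
            if entry.lower() == name.lower():
                path = os.path.join(key, entry)
                with open(path, "rb") as fh:
                    yield path, file_version(fh.read())

def audit(dirs, min_fixed):
    """Return [(path, version, status)], status being 'outdated', 'ok' or 'unknown'."""
    report = []
    for path, ver in find_copies(dirs):
        if ver is None:
            status = "unknown"
        else:
            status = "outdated" if ver < min_fixed else "ok"
        report.append((path, ver, status))
    return report

if __name__ == "__main__":
    # PLACEHOLDER: replace with the fixed version from the vendor bulletin;
    # with (0, 0, 0, 0) nothing is flagged and the run is a plain inventory.
    MIN_FIXED = (0, 0, 0, 0)
    path_dirs = [p for p in os.environ.get("PATH", "").split(os.pathsep) if p]
    for path, ver, status in audit(path_dirs, MIN_FIXED):
        print(status, ver, path)
```

The signature search is a heuristic that avoids a full PE resource parse, so treat an "unknown" result as a file to inspect by hand rather than as a clean one.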
