iPhone;243063 Wrote: > Doesnt the CERT message say that FLAC can be attacked if an executable > file is downloaded.
No, it says that the FLAC libraries contain a number of buffer overflow vulnerabilities; the file does not have to be "executable". Read each of the 14 vulnerabilities mentioned in the eeye.com advisory: http://research.eeye.com/html/advisories/published/AD20071115.html iPhone;243063 Wrote: > Question: Who is downloading FLAC? Are we all not ripping our own CDs > and would not be vulnerable to this type of attack? Seeing how it is > all local to our machines. Or am I not thinking about this like an IT > Guy? > > I have to be missing something, right? Come on IT Guys, help me get my > head around this. Of the 14 vulnerabliities, one vector of attack would use a specially crafted image file, that you might link in your FLAC metadata. Where do you get all your images? Also consider how many people routinely share music files. -- MrC ------------------------------------------------------------------------ MrC's Profile: http://forums.slimdevices.com/member.php?userid=468 View this thread: http://forums.slimdevices.com/showthread.php?t=40287
_______________________________________________ ripping mailing list [email protected] http://lists.slimdevices.com/lists/listinfo/ripping
