-Disclosure] 2 vulnerabilities combine to auto execute
received files in Nokia series 60 OS
Hi,
I forwarded this bug to Nokia security group, they believe it is a
feature and not a bug. Whats your opinion?
1. By default, executable files cannot be transferred (many mobile game
companies probably
so then the bottom line is that there is a bug. When files are being
transfered they should also be identified via the content of the file
rather than the extension...
-KF
The second one is also know feature, the file type is not determinated
from the extension but from the content of the file.
On Mon, 24 Jan 2005 10:29:31 EST, KF (lists) said:
so then the bottom line is that there is a bug. When files are being
transfered they should also be identified via the content of the file
rather than the extension...
'Those who cannot remember the past, are condemned to repeat it.'
will not be
executed.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, January 24, 2005 12:01 AM
To: bugtraq@securityfocus.com; full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] 2 vulnerabilities combine to auto execute
Paul Kurczaba wrote:
Wouldn't the phone try to open the jpg file as a picture, and not execute
it. Just like on desktop PCs: if you rename a .exe (application/program) to
a jpg (picture file), and try to open the file, your image program will open
the file, thinking it is a image file. The
Paul Kurczaba wrote:
Wouldn't the phone try to open the jpg file as a picture, and not execute
it. Just like on desktop PCs: if you rename a .exe (application/program) to
a jpg (picture file), and try to open the file, your image program will open
the file, thinking it is a image file. The