Friday, July 4th, 2008

Evil GIFs: Hiding Java in your image

Category: Security

What if you could encode a JAR file as an image and trick the browser into running it? This is what Ben Lorica reported from a Black Hat briefings webinar:

During a recent webinar to promote the upcoming Black Hat briefings in Las Vegas, a group of hackers announced the creation of a hybrid file that can potentially bypass a browser’s same origin policy. They created a GIF file that also happens to be a JAR file (a “GIFAR” file). Once uploaded onto a web site, and assuming the web server runs a JVM, it allows one to run a malicious Java applet on someone else’s web server.

Details were not provided, since the hackers claim that Sun is still working on a patch. For more on hybrid (image) files as attack vectors, go to minute 41:23 of the webinar.

Posted by Dion Almaer at 12:47 am
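
A defensive check for the hybrid file described above, as an added example that is not part of the original post or the researchers' work: it flags uploads that start with a GIF signature but also carry a ZIP end-of-central-directory (EOCD) record, since a JAR is a ZIP archive. The function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")
EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory signature
EOCD_LEN = 22              # fixed-size part of the EOCD record
MAX_COMMENT = 0xFFFF       # the archive comment length is a 16-bit field


def find_zip_eocd(data: bytes):
    """Return (offset, entry_count) of a plausible EOCD record, or None.

    ZIP readers locate the archive from the end of the file, so bytes
    in front of it (such as a whole GIF) do not stop a JAR from opening.
    """
    floor = max(0, len(data) - EOCD_LEN - MAX_COMMENT)
    pos = data.rfind(EOCD_SIG, floor)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            _, _, _, _, total, cd_size, cd_off, comment_len = struct.unpack_from(
                "<4sHHHHIIH", data, pos)
            # Reject chance matches inside pixel data: the comment must fit in
            # the file and the central directory must end before the EOCD.
            if (pos + EOCD_LEN + comment_len <= len(data)
                    and cd_off + cd_size <= pos):
                return pos, total
        pos = data.rfind(EOCD_SIG, floor, pos)
    return None


def classify_upload(data: bytes) -> str:
    """Classify bytes claimed to be a GIF: 'not-gif', 'gif' or 'gif+zip'."""
    if not data.startswith(GIF_MAGICS):
        return "not-gif"
    return "gif+zip" if find_zip_eocd(data) else "gif"


def constructed_samples():
    """Build test inputs in memory: a 1x1 GIF and the same GIF + a ZIP."""
    gif = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
           b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "constructed sample entry")
    return gif, gif + buf.getvalue()


if __name__ == "__main__":
    plain, hybrid = constructed_samples()
    print(classify_upload(plain), classify_upload(hybrid))
```

A check like this belongs in the upload path alongside content-type validation; it looks only at file structure and says nothing about what an embedded archive contains.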

There’s quite a bit of confusion over what this actually means – it sounds like a client-side browser exploit, but then there’s mention of a JVM running on the server as well. Unfortunately the Radar blog entry is the only write-up I’ve found on the topic so far.

There’s a discussion about this in the comments on my blog, without any useful conclusion: http://simonwillison.net/2008/Jul/1/evil/

Comment by SimonWillison — July 4, 2008

