What I am talking about with the image tag and the script is what a lot of web developers use:
< img src = "" >
and the script replies with the proper mime format for an image plus the binary data needed to create it....
<<If it can, then this third party web site can cook malicious IMG
file which can breach the security of user's desktop machine.>>
Only if the image is somehow malformed and exploits bad code in a browser...and then it would only run in context of the user running the browser.
As for the image coming with a cookie, see the previous e-mail. In general a cookie wouldn't be associated with an image the way you speak of it.
On Fri, 2003-02-28 at 17:53, Philip Ching (605.734.71) wrote:
Hi Timothy, Thanks for your message! On 28 Feb 2003, Timothy Rieder wrote: > 1) First off, I would not see displaying an image as a "bug" but > displaying an image can be a security issue if there is a flaw in the > web browser's code and someone constructs an image that takes advantage > of the flaw. Similarly, there was an issue a little while ago with a > Linux MP3 player and a couple of mangled MP3s floating around on some > file sharing programs that would perform some remote code execution (I > guess it was a buffer overflow) if you played the MP3...not exactly > related but the it shows the possibility is there. I thought it may have security problem but I am not exactly sure. Can an IMG tag carry (i.e, include) some script? If it can, then this third party web site can cook malicious IMG file which can breach the security of user's desktop machine. Agree? > 2) Unless you take into consideration what I said above, I doubt > displaying an image sent a cookie unless the img tag contained a link to > a dynamically generated image (which requested it) or a link to one of > those web tracking/advertising companies like DoubleClick. If it was the > case of a tracking /ad company then they could possibly be looking for > some hints to your surfing habits. Also by third party I assume you mean > a company. Hmm ... I believe the scenarios is: If an IMG file (from third party web site) is displayed on my the web page I am looking at now, this third party web site will ask for a cookie. The two possiblities: 1) I (i.e., my browser) happen to have a cookie, then I return the cookie to this third party web site; 2) I don't have the cookie, then this third party web site will set up a new cookie on my browser. Is this understanding correct? Thank you! Philip > > On Fri, 2003-02-28 at 11:25, Philip Ching (605.734.71) wrote: > > Hi All, > > Can some body explain the following: > > 1) Can a Web Bug (i.e., display of an image file from a third > party web site) be a security problem? > > 2) Does it cause a cookie to be sent from the browser to that > third party web site? > > Thanks! > > Philip > > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. > > > > ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.