how to execute code through images (jpeg gif png etc,)?
What types of flaws exist in windows as far as viewing images ie JPEG's GIF PNG TIFF etc etc etc? i mean like what can be accomplished as far as say arbitrary code execution or any other exploits. is it possible for code to be executed through them? I think ive heard of a couple cases of windows vulnerabilities that allowed the execution of code through images. Does the image need to be seen as code or can the image be called as an image and still execute the code inside it?
Can you execute html or javascript if the image is seen through a web browser? Or does the code need to be called as html for the code inside to get appropriately executed by the browser?
how are images executed and presented in windows? Where in that process would the possibility for code execution probably be found?
i know i have been asking plenty of questions but i really do appreciate your help and everyone in the future who looks at these posts will appreciate it also. thanks.
There have been some vulnerabilities found in the Windows GDI that allows for remote code execution of specially crafted image files. I'm not sure what all formats the exploit is possible through but I've read some about it so I know it is/was possible. There was also a buffer overflow found in jpeg processing using the GDI+ library but I don't think it was a remote exploit.