Michal Zalewski has been experimenting with random corrupted JPEG and seeing how the various browsers responded. Zalewski has gone on record previously saying that in similar tests using broken HTML mark-ups Vole's IE handled things the best.
However, on the corrupted JPEG test, VoleWare was a doddle to crash and other browsers were much better at handling them, Zalewski said.
Microsoft Internet Explorer can be crashed in potentially exploitable ways quite easily, he said. There are three possible outcomes when a web browser encounters a corrupted image. The browser fails to display the image, it displays as as it can, or it crashes.
Software crashes were a sign that the Volish programmers had not written code that could take corrupted input into account. Many of the crashes were associated with memory corruption, he said.
If a hacker or hackerette were to use corrupted JPGs, he or she could control memory corruption, he or she could then easily alter the program and take over your computer, Zalewski warned.
More on this at the Sydney Morning Herald . µ
Sign up for INQbot – a weekly roundup of the best from the INQ