[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: Wrapping Scripted Media in RSS: Secure?
So overall, the original thread conclusion and Bill Kearney are right: RSS should resist scripted content regardless of market pressures? len From: Ken North [mailto:kennorth@s...] Robert Koberg wrote: > But isn't this more about server admins than possible problems with > script in content? > > How can their be problems if the script cannot be executed? Given that we've seen security threats related to non-executable content, you comment about server administration hits the nail on the head. 1. Vulnerabilities related to XML, DTD, XML-RPC and SOAP processing: http://www.webservicessummit.com/Vulnerabilities.htm 2. SQL injection vulnerabilities are epidemic. 3. MP3, WMA, AVI, PNG and JPEG have been exploited. The problem is often a buffer overrun that can be exploited by constructing a file to cause the overrun and allow malware to execute. There's a worm that exploited a vulnerability in some Windows apps that read JPEG images. One of the MP3 exploits uses an ID3 tag. There have been vulnerabilities in media players (Flash Player, RealPlayer, Windows Media Player, MPlayer).
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|