
April 12th, 2013

Why we love specifications (not)! Part II

We do not really enjoy dealing with file formats. Usually the format designers haven’t had security and parsing by foreign applications in mind, and sometimes the specifications are hard to get. Worst of all is a specification that claims one thing while the major implementation does not follow it, which lets the bad guys easily evade our strict parsers (as strict as specified in the docs). We’ve already blogged about such a problem in the past.

As I dealt with Embedded OpenType (EOT) in the past, I have received some undetected samples from my colleague. They were the EOT sample mentioned in this blog and another sample downloaded by her. EOT is a compact form of an OpenType font; it uses special compression based on this specific file format to decrease file size.
