File Formats Security Issues | Decalage

File Formats Security Issues


This is a series of articles about file formats and related security issues. In 2003 I presented an article in French on this subject at the SSTIC conference: [SSTIC03]. In the following articles I will provide an updated version in English with more information about common file formats.

The original location of this book is http://www.decalage.info/file_formats_security.

Each file format will be described with the following information:

  • File format description
  • Links to specification documents and technical information about the format
  • Main client applications
  • Main security issues
  • Examples of known vulnerabilities and exploits
  • Useful analysis tools
  • Parsing tools and libraries
  • Filtering tools and libraries

In the future I plan to cover common file formats such as PDF, MS Office (binary and Open XML), HTML, XML, RTF, ZIP, JPEG, EXE, etc. Stay tuned! ;-)

