Weaponized File Formats

This is a series of articles about file formats and related security issues. In 2003 I had presented an article in French about this subject at the SSTIC conference: [SSTIC03]. In the following articles I will provide an updated version in English with more information about common file formats.

The original location of this book is http://www.decalage.info/file_formats_security.

Each file format will be described with the following information:

  • File format description
  • Links to specification documents and technical information about the format
  • Main client applications
  • Main security issues
  • Examples of known vulnerabilities and exploits
  • Useful analysis tools
  • Parsing tools and libraries
  • Filtering tools and libraries

In the future I plan to cover common file formats such as PDF, MS Office (binary and Open XML), HTML, XML, RTF, ZIP, JPEG, EXE, etc. Stay tuned! ;-)