Pavlov Scope

2005 December 31

WMF Exploit (Update 1)

Filed under: ITSec — Kev Frey @ 1:07:31

Hi again;

As more information has surfaced about this problem, the vulnerability has spread to other file extensions. The reason is that an attacker can disguise these kinds of files as other image files (JPG, GIF, BMP, etc.). Windows renders (opens/runs) the file based on its file header information, not on its extension (like in the “old” days ;-).
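Because the file is handled according to its header rather than its name, a filter has to look at the header too. As an added example (not part of the original post), this Python check flags attachments whose leading bytes are a WMF header while the name claims another image type; the function names and sample file names are hypothetical, and the sample data is constructed.

```python
import os
import struct

PLACEABLE_WMF = b"\xd7\xcd\xc6\x9a"  # placeable-header key 0x9AC6CDD7, little-endian
IMAGE_MAGIC = {"jpeg": (b"\xff\xd8\xff",), "gif": (b"GIF87a", b"GIF89a"),
               "bmp": (b"BM",), "png": (b"\x89PNG\r\n\x1a\n",)}
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
               ".bmp": "bmp", ".png": "png", ".wmf": "wmf"}

def is_wmf(data):
    """True if data begins with a placeable or a standard WMF header."""
    if data.startswith(PLACEABLE_WMF):
        return True
    if len(data) < 6:
        return False
    # Standard header: type (1 = memory, 2 = disk), header size in 16-bit
    # words (always 9), version (0x0100 or 0x0300); little-endian fields.
    ftype, hdr_words, version = struct.unpack_from("<HHH", data)
    return ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)

def sniff(data):
    if is_wmf(data):
        return "wmf"
    for name, magics in IMAGE_MAGIC.items():
        if data.startswith(magics):
            return name
    return "unknown"

def check_attachment(filename, data):
    """Return (verdict, detected_type); the file name is only a claim."""
    claimed = EXT_TO_TYPE.get(os.path.splitext(filename.lower())[1])
    actual = sniff(data)
    if actual == "wmf" and claimed != "wmf":
        return "disguised-wmf", actual
    if claimed and actual != claimed:
        return "mismatch", actual
    return "ok", actual

# Constructed samples: header bytes only, padded with zeros (no real payloads).
SAMPLES = [
    ("holiday.jpg", PLACEABLE_WMF + bytes(18)),
    ("card.gif", struct.pack("<HHH", 1, 9, 0x0300) + bytes(12)),
    ("photo.jpg", b"\xff\xd8\xff\xe0" + bytes(16)),
    ("chart.wmf", PLACEABLE_WMF + bytes(18)),
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(name, check_attachment(name, blob))
```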

Additionally, SANS has discovered an issue specifically with Lotus Notes (a groupware / email system that my organization and thousands of others use) that makes it more vulnerable to this exploit than Microsoft clients (in sharp contrast to the usual, opposite condition). The primary workaround, until Lotus and/or Microsoft fixes this problem, is to filter all image file types from inbound Internet email.

However, since the virus vendors are staying on top of this, filtering the image files is probably too disruptive at this time. This situation could change if a new attack method is released.

Best regards and Happy New Year!

_____________________________________________________________
KevFrey
