Virus and Cookies

Just a little question from an earlier debate, can a cookie from a website contain a virus/worm/trojan? I have a pretty good idea in my head but it was a heated debate so I thought I would see the results from the group here
3,442 views 4 replies
Reply #2 Top
I've never seen or heard of a virus within a cookie. And as crae mentioned they are just data and do not get executed so the likely hood of them containing a virus is next to nothing.
Reply #3 Top
Very unlikely...

You could put the code for a virus in there, but the browser wouldn't execute it, only reference/read it.

Although... thinking about it, a buffer overflow could *maybe* be used to overload a cookie variable and execute arbitrary code, but I imagine the cookie variables and functions are well tested and heavily validated.

hmmm... it's just theory, doubt it's been done, or even if it's technically possible.
Reply #4 Top
OK now see I agree, during a debate last night a friend was resisting using cookies to hold some session variables because she was convinced by someone that cookies contains virus' and for the life of me I could not figure out how in the work a text based variable holder could contain one let along execute it...and she could not remember where she say the information about it. So I thought I would mention it here to see if anyone had every heard of that. For I had never seen/heard or even could comprehend how a cookie could execute a virus....now java, javascript, and active x..that is a different story