I don't think it does. Has anyone made measurements? Text files and
> graphics don't have to be checked, only executable code.
I believe there have been several overflows found in image processing libraries (jpeg,pdf,tiff...) used by popular browsers and image viewers.
I am also aware of atleast one entirely text based attack on a hole in a java runtime engine.
sidd