Jump to content

Code To Exploit Windows Graphics Flaw Now Public


Recommended Posts

full story here

 

A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software.

 

Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file.

 

 

The flaw affects various versions of at least a dozen Microsoft software applications and operating systems, including Windows XP, Windows Server 2003, Office XP, Office 2003, Internet Explorer 6 Service Pack 1, Project, Visio, Picture It and Digital Image Pro. The software giant has a full list of the applications in the advisory on its Web site. Windows XP Service Pack 2, which is still being distributed to many customers' computers, is not vulnerable to the flaw.

Link to post
Share on other sites

Thanks Mike.

 

Windows XP Service Pack 2, which is still being distributed to many customers' computers, is not vulnerable to the flaw.

 

A big reason for folks to update to SP2.

 

But as usual they will not and the first couple of virus's produced for this bug will have big impact. :)

Link to post
Share on other sites
it caused an error and shut down the browser

 

 

so instead of risking pc problems by installing sp2 would it not be easier and

safer just to use firefox and thunderbird???? :) :D

Link to post
Share on other sites

The first effective JPEG trojan has been posted to USENET. Read about it on slashdot here.

 

A team at easynews.com has picked the trojan apart, and have even created a PERL script to detect the image:

>@stat = stat($file);
$size = $stat[7];
open HANDLE, $file;
sysread(HANDLE, $input, $size);
close HANDLE;
if ($input !~ /^\xff\xd8/) {
       print "not a jpeg\n";
       exit;
}
if ($input =~ /\xff\xfe\x00[\x00\x01]/s) {
       @debug = `djpeg -debug $file 2>&1 > /dev/null`;
       if (grep (/Comment, length \-*[01]:/i, @debug)) {
               print "jpeg has trojan\n";
       }
}

The link to that page, which has a LOT of good technical information about the trojan and how it works, is: http://www.easynews.com/virus.html

 

so instead of risking pc problems by installing sp2 would it not be easier and

safer just to use firefox and thunderbird???? ;)  :blink:

Unfortunately, a downloaded image, whether it came from a website or was downloaded from Kazaa, could infect your computer by even hovering your mouse over it in Windows' File Explorer (explorer.exe).

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...