Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Possible GDI Exploit Vector

from [james_love] Network Security [Permanent Link]
Subject: Possible GDI Exploit Vector
Date: 29 Sep 2004 09:26:19 -0000 


Does anyone know if MSN Messenger 6 uses GDI+ to render jpeg images that appear 
as the profile images you see in MSN 6 Chat windows? If so, this could provide 
an extremely fast way to propagate a worm using the GDI+ flaw. All you would 
need to do to start it off is set the crafted image as ur profile picture, 
start conversations wtih people you know have MSN6 installed, and, if by 
default they display the other users' profile picture,they're machine would 
process the image and carry out any nasty deeds the image has within it (if the 
machine's not patched). 

For the worm to propagate, it would need to craft its code into the current 
users profile picture, and every time the infected user started a conversation 
with someone, it would spread as soon as the other user viewed the profile 
picture within the chat window.

The speed of spread would be enormous, granted that most people dont have up to 
date virus scanners/definitions and have not patched their machines. Plus it 
would be nearly impossible to determine where the virus came from, where it 
started off.

All this, of course, is only possible if MSN Messenger 6 does indeed use GDI+. 
Does it?
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Possible GDI Exploit Vector, james_love <=
Previous by Date:  Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Kurt Seifried
Next by Date:  Php RFC1867 Upload Vuln. POC Released, Stefano Di Paola
Previous by Thread:  [CLA-2004:870] Conectiva Security Announcement - imlib, Conectiva Updates
Next by Thread:  Php RFC1867 Upload Vuln. POC Released, Stefano Di Paola
Indexes:  [Date] [Thread] [Top] [All Lists]