Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] [exploitwatch.org] ALERT: Windows XP JPEG Buffer O

from [Gadi Evron] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POC Exploit
Date: Fri, 17 Sep 2004 11:42:41 +0200 
admin@exploitwatch.org wrote:

A PoC for the Windows XP JPEG has been published. Because of the potential
impact, it is anticipated that this exploit will be widely used by worms and
other malware within a short period of time.

http://www.gulftech.org/?node=downloads 

It might indeed, but I see it more as evolution.
First there were simple URL's with malicious content.
Then there were pictures which were actually HTML code (404 thing).
Then we saw HTML pages with actual pictures in them.

Now this.

It's natural evolution and would help spamed-URL malware a bit IF it ends up being easy enough to exploit it, and then some easy-to-use kit is created. These factors will determine how wide-used it will be.

BMP was hit before, and jpeg got hit back with Netscape and there was no big buzz.. This could end up being an issue for the media and AV companies to blow out of proportion, and it may actually be used in some Trojan horse or worm.

I'm a bit more worried about email threats.. the last thing we need, much like vmyths said, was scared admins blocking jpegs at the gateway.

Download the patches and you will be fine (if you get through it without an heart attack).

This *IS* an actual exploit and therefore, unlike vmyths - I believe it is more than possible a worm (or worms) will show up, but unlike other exploits of the past I wouldn't jump to any conclusions quite yet as to how big it is going to be, or how soon we will see it used.

Do your security and see how things develop. Why contribute to the media frenzy? There is no call for it.

I'm usually the one to call a date, this time I am the one to call "You said there's an exploit, fine! Who said you can scare everybody?" and that's meant not directly to you, but quite a few people.

Also - unrelated to this exploit, although jpeg is a pretty compressed format, it is a very orderly one. Anyone up on their jpeg technology to make a small program for checking if a jpeg was altered or some blurb was added to it inside?

        Gadi Evron.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POC Exploit, admin
Next by Date:  [VulnWatch] Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue, advisories
Previous by Thread:  [Full-Disclosure] [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POC Exploit, admin
Next by Thread:  [VulnWatch] Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue, advisories
Indexes:  [Date] [Thread] [Top] [All Lists]