Educause Security Discussion mailing list archives
FW: [Full-Disclosure] MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ...
From: "Faigle, Chris" <cfaigle () RICHMOND EDU>
Date: Sat, 25 Sep 2004 09:24:10 -0400
Cross post from Full-disclosure list. Read the notes within the code for the author's notes on the attack vectors. The e-mail worm may not be far off. Also see info on a JPEG HackTool that takes a JPEG and a URL and creates jpeg which downloads and executes whatever is at the URL: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HKTL_JPGDOWN .A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HKTL_JPGDOW N.A&VSect=T> &VSect=T Update virus defs constantly, patch XP to SP2 and update your Office installs. Chris Faigle IS Security University of Richmond _____ From: ElviS .de [mailto:elvi52001 () yahoo com] Sent: Saturday, September 25, 2004 8:12 AM To: full-disclosure () lists netsys com Subject: [Full-Disclosure] MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... the last step before the worm http://www.k-otik.com/exploits/09252004.JpegOfDeath.c.php <http://www.k-otik.com/exploits/09252004.JpegOfDeath.c.php> ! ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- FW: [Full-Disclosure] MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... Faigle, Chris (Sep 25)