Full Disclosure mailing list archives

RE: GDIPLUS VULN - MS04-028 - CRASH TEST JPEG

From: "Cassidy Macfarlane" <cmacfarlane () Drummond-Miller co uk>
Date: Wed, 15 Sep 2004 16:22:44 +0100

I found this almost exactly two years ago.

http://www.securityfocus.com/archive/82/290856

I did not put much dev effort into it at the time, but it has been
around for a while......

I'm just glad they sneaked the patch into SP2.

I remember thinking at the time - 'hrm, if I wrote some shellcode to
overwrite system mem, then I could have a .jpg that could TAKE OVER THE
WORLD'

I'm regretting not putting my full efforts in to this...can you tell?

-----Original Message-----
From: Elia Florio [mailto:eflorio () edmaster it] 
Sent: 15 September 2004 14:15
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] GDIPLUS VULN - MS04-028 - CRASH TEST JPEG


Hi list,
this is the JPEG able to reproduce the crash
reported in the bullettin MS04-028.
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
Look at FFFE0001 or FFFE0000 signature
in the JFIF header.
Tested on Windows XP Prof SP1 [gdiplus.dll ver 5.1.3097.0]
[eflorio]


________________________________________________
Messaggio inviato da Edizioni Master Webmail
http://mbox.edmaster.it
_______________________________________________ Full-Disclosure - We
believe in it. Charter:
http://lists.netsys.com/full-disclosure-charter.html 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

GDIPLUS VULN - MS04-028 - CRASH TEST JPEG Elia Florio (Sep 15)
- <Possible follow-ups>
- RE: GDIPLUS VULN - MS04-028 - CRASH TEST JPEG Cassidy Macfarlane (Sep 15)