Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POC Exploit

From: Gadi Evron <ge () linuxbox org>
Date: Fri, 17 Sep 2004 11:42:41 +0200
admin () exploitwatch org wrote:


A PoC for the Windows XP JPEG has been published. Because of the potential
impact, it is anticipated that this exploit will be widely used by worms and
other malware within a short period of time.

http://www.gulftech.org/?node=downloads


It might indeed, but I see it more as evolution.
First there were simple URL's with malicious content.
Then there were pictures which were actually HTML code (404 thing).
Then we saw HTML pages with actual pictures in them.

Now this.
It's natural evolution and would help spamed-URL malware a bit IF it ends up being easy enough to exploit it, and then some easy-to-use kit is created. These factors will determine how wide-used it will be.
BMP was hit before, and jpeg got hit back with Netscape and there was no big buzz.. This could end up being an issue for the media and AV companies to blow out of proportion, and it may actually be used in some Trojan horse or worm.
I'm a bit more worried about email threats.. the last thing we need, much like vmyths said, was scared admins blocking jpegs at the gateway.
Download the patches and you will be fine (if you get through it without an heart attack).
This *IS* an actual exploit and therefore, unlike vmyths - I believe it is more than possible a worm (or worms) will show up, but unlike other exploits of the past I wouldn't jump to any conclusions quite yet as to how big it is going to be, or how soon we will see it used.
Do your security and see how things develop. Why contribute to the media frenzy? There is no call for it.
I'm usually the one to call a date, this time I am the one to call "You said there's an exploit, fine! Who said you can scare everybody?" and that's meant not directly to you, but quite a few people.
Also - unrelated to this exploit, although jpeg is a pretty compressed format, it is a very orderly one. Anyone up on their jpeg technology to make a small program for checking if a jpeg was altered or some blurb was added to it inside? 

        Gadi Evron.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: