Full Disclosure mailing list archives
Re: Windows XP JPEG Buffer Overflow
From: jklemenc () fnal gov
Date: Fri, 17 Sep 2004 15:33:53 -0500
Why is it that the GDI+ dll was fixed for PictureIT back in February '04? If you pull down all the patches, the PictureIT patches date to 02/26/04 and the XP SP1 patch dates to 03/02/04? Then add to it XPSP2 is already patched. Did MS sit on this patch until there was an exploit available in the wild (or at least POC)?

<SPECULATION>
My take on this is that someone was either writing their own JPG editor -OR- was using some 3rd party image editor and was adding comments to the image file. Their action of writing the comments field incorrectly (with an unprintable character at the start of the comment) either via their custom application -OR- via some 3rd party app triggered an application crash when viewing with PictureIT (or maybe PictureIT was the software used to create the comments). This was probably reported to MS as a PictureIT bug, which was patched in PictureIT. It was probably ported to the other GDI+ applications/OS's, but never rolled out (probably waiting to be rolled silently into a service pack as it was with XPSP2). Once POC code got out, they had to pull the trigger on releasing a patch.

That would account for the numerous duplicate patches listed in the KB article. If you look, the gdiplus.dll is the same size/date/version for Office 2003, Visio 2003 & Project 2003, as are others in like groups, except there are separate downloads for each. This seems to indicate that the offending file was fixed a while back, but was sitting dormant for each product until an update was issued separately. MS could have easily rolled up like patchsets to detect and update all of their products, such as in the past.
</SPECULATION>

How many other patches are in this state that will only be released once someone goes public with POC code?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POC Exploit admin (Sep 17)
- Re: [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POC Exploit Gadi Evron (Sep 17)
- Re: Windows XP JPEG Buffer Overflow jklemenc (Sep 17)