WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Betr.: detecting malicious image file

From: "Philip Wagenaar" <p.wagenaar () accon nl>
Date: Mon, 07 Feb 2005 16:51:33 +0100
Yes it does look like a normal image.
And I know that sygate personal firewall (pro) detects them if load one in internet explorer when a website hosts such 
an image.

www.packetstormsecurity.com has a few exploits, I believe they were in c++ (I got them to compile in vs.net 2003). 
Exploits are c++ source code, so that should give you a pretty clear image <-- :-) of how to reconize such an image.



Met vriendelijke groet,

(Philip) Wagenaar
Assistent ICT Projecten & Advies

AccoN Accountants & Adviseurs
ICT Projecten & Advies
Postbus 5090
6802 EB Arnhem
The Netherlands

tel. +31 (0)26-3842384
fax. +31 (0)26-3630222
mobile: +31 (0)6-25388935
MSN/E-mail: p.wagenaar () accon nl
http://www.accon.nl



"Weiler, Jim" <Jim.Weiler () Staples com> 07-02-05 15:42 >>>

Does anyone know how to detect an image file (.jpg or .bmp or .gif file
regardless of extension) that has the buffer overflow exploit (MS04-028) in
it? If you open it with any image editor does it work like a regular image? 

Jim Weiler
Staples North American Application Services
Application Architect
508 2533884

##################################################################

Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde.
De informatie hierin is vertrouwelijk, zodat het derden niet is
toegestaan om daarvan kennis te nemen of dit te verstrekken aan
andere derden. Indien u dit e-mail bericht ontvangt terwijl het
niet voor u bestemd is, verzoeken wij u contact op te nemen met
de afzender en de informatie te verwijderen van iedere computer.
Bij voorbaat dank. 

==================================================================

The information transmitted in this e-mail is intended only for
the person or entity to which it is addressed and contains
confidential information. Any review, retransmission or other
use by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the
sender and delete the material from any computer. Thank you. 

##################################################################

#####################################################################################
This e-mail message has been scanned for Viruses and Content and cleared 
by MailMarshal
#####################################################################################
Previous By Date Next
Previous By Thread Next

Current thread: