M$ JPG Vulnerability

This is a discussion on M$ JPG Vulnerability within the A Brief History of Cprogramming.com forums, part of the Community Boards category; The following news article discusses a vulnerability in M$ software where the simple act of viewing a jpeg on the ...

  1. #1
    Code Monkey Davros's Avatar
    Join Date
    Jun 2002
    Posts
    812

    M$ JPG Vulnerability

    The following news article discusses a vulnerability in M$ software where the simple act of viewing a jpeg on the internet can be used as a mechanism to run malicious code on a client machine.

    http://news.bbc.co.uk/1/hi/technology/3684552.stm

    I'm not sure I understand this. The only way this makes sense to me is that M$ software is secretly using jpegs to store executable code.

    This can't possibly be correct as such an implementation is insane. Even M$ can't be this inept/underhand. Can they? Or have I misunderstood things completely?

    Any thoughts?
    OS: Windows XP
    Compilers: MinGW (Code::Blocks), BCB 5

    BigAngryDog.com

  2. #2
    Has a Masters in B.S.
    Join Date
    Aug 2001
    Posts
    2,267
    you've misunderstood completely, i think whats involved is a buffer overflow, and it does not just effect Browsers it effects ANYTHING using GDI+ jpeg capabilities.
    ADVISORY: This users posts are rated CP-MA, for Mature Audiences only.

  3. #3
    Software Developer jverkoey's Avatar
    Join Date
    Feb 2003
    Location
    University of Waterloo
    Posts
    1,904
    Yaaah...how can an image format be run as code...? Only thing I can think of is buffer overruns...possibly...but shouldn't most buffer overruns be covered? Or I'm on crack...it just seems weird that a data file that's read in can be executed with its own commands..


    -edit
    yah, no-one said what i just said kinda...

  4. #4
    Yes, my avatar is stolen anonytmouse's Avatar
    Join Date
    Dec 2002
    Posts
    2,544

  5. #5
    Code Monkey Davros's Avatar
    Join Date
    Jun 2002
    Posts
    812
    >you've misunderstood completely

    OK. I think I am happy to have got that one wrong.
    OS: Windows XP
    Compilers: MinGW (Code::Blocks), BCB 5

    BigAngryDog.com

  6. #6
    Has a Masters in B.S.
    Join Date
    Aug 2001
    Posts
    2,267
    buffer overruns involve some "seemingly" complicated stuff, that im neither prepared or willing to get into... and being not incredibally familiar with the subject, in my understanding of it, it involves a number very specific complicated changes to the JPEG to do.

    but my main concern is the damage all these MASSIVE vunerabilities are doing to the market, because of the literally forced switching to not all that heavily security tested or attacked browsers...

    and then the fact that i read an artical claiming MS would no longer patch IE for anything other than WinXP
    ADVISORY: This users posts are rated CP-MA, for Mature Audiences only.

  7. #7
    Software Developer jverkoey's Avatar
    Join Date
    Feb 2003
    Location
    University of Waterloo
    Posts
    1,904
    MS's screwed up. They're running around like chickens with their heads cut off, spreading themselves thin over so many markets that they're going to just kinda fizzle out (at least I imagine this happening pretty soon).

    Personally, SP2 fux0red up my system (sorry for the l33t there, don't care to be really silly in this sentence) by not allowing me to even use the internet anymore after i installed it, and the firewall wasn't even turned on (NO firewalls were turned on)

  8. #8
    not-a-geek
    Join Date
    Apr 2004
    Posts
    210
    Buffer overruns are fun. We had to "hack" a few "bombs" and other programs in classes at the university. It's not really that complicated if you know where the vulnerability is. It requires a little assembler knowledge but you don't need to be a guru to do it.
    That's probably what makes it so dangerous. That and the fact that everybody in the windows world uses the exact same programs so a small vulnerability affects a massive amount of users.

    This is one of the assignments we had to do. It was actually a lot of fun, even though the "bomb" makes it easy as it uses a normalized stack. Only the last part of the assignment uses a random stack.
    Last edited by Nyda; 09-27-2004 at 12:00 AM.

  9. #9
    BMJ
    BMJ is offline
    Banal internet user BMJ's Avatar
    Join Date
    Aug 2002
    Location
    Chicagoland
    Posts
    1,380
    All cool people on the interweb enjoy jumping on the Microsoft (or should I say, Micro$oft, heh heh heh!) hate-wagon. It's very clever and original!


    anyway...


    Considering that this only affects GDI+ functionality, and that it was patched 2 weeks ago... yea whatever.

    Who would have guessed that dutiful hackers could find a stack overflow exploit in something M$ (heh heh heh!) wrote?
    Last edited by BMJ; 09-27-2004 at 01:41 AM.

  10. #10
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,139
    Humans make mistakes and Microsoft is the largest sum of people to make mistakes that influences the most target machines, so it's very likely that bugs will be found and exploits will be written.

    This bug seems to be in the GDI+ libraries, so any programm using this libraries will be vulnerable. Does that mean that all those vulnerable programms have this library statically linked ? Interesting question *g*

    Any program accepting user input ( JPG bytes in this case ) can contain errors which in turn might be exploitable.

    It has been announced, a fix from Microsoft has been out for two weeks, my best guess is that a virus will hit in the middle of the next week and devastate a number of machines far greater than netsky. I would not mind if it wouldn't be for the SPAM I'd get as result.

    ( Interesting assignment btw. I would have liked that one )
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  11. #11
    Software Developer jverkoey's Avatar
    Join Date
    Feb 2003
    Location
    University of Waterloo
    Posts
    1,904
    Quote Originally Posted by BMJ
    All cool people on the interweb enjoy jumping on the Microsoft (or should I say, Micro$oft, heh heh heh!) hate-wagon. It's very clever and original!
    Meh, I'm just annoyed that SP2's been causing so many problems (with me at least)...but then again, my entire laptop's been giving me problems lately.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 6
    Last Post: 01-01-2007, 07:36 AM
  2. Downloading and displaying a jpg file
    By maxorator in forum Windows Programming
    Replies: 13
    Last Post: 11-30-2006, 06:52 AM
  3. How Dispaly JPG images in VC++
    By darcome in forum Windows Programming
    Replies: 10
    Last Post: 10-01-2002, 02:52 AM
  4. StretchBlt and JPG
    By novacain in forum Windows Programming
    Replies: 0
    Last Post: 09-28-2001, 04:05 AM
  5. What is 'buffer overrun vulnerability' in IIS?
    By Web admin in forum Windows Programming
    Replies: 1
    Last Post: 08-16-2001, 04:33 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21