Thread: M$ JPG Vulnerability

The following news article discusses a vulnerability in M$ software where the simple act of viewing a jpeg on the internet can be used as a mechanism to run malicious code on a client machine.

http://news.bbc.co.uk/1/hi/technology/3684552.stm

I'm not sure I understand this. The only way this makes sense to me is that M$ software is secretly using jpegs to store executable code.

This can't possibly be correct as such an implementation is insane. Even M$ can't be this inept/underhand. Can they? Or have I misunderstood things completely?

Any thoughts?

you've misunderstood completely, i think whats involved is a buffer overflow, and it does not just effect Browsers it effects ANYTHING using GDI+ jpeg capabilities.

>you've misunderstood completely

OK. I think I am happy to have got that one wrong.

buffer overruns involve some "seemingly" complicated stuff, that im neither prepared or willing to get into... and being not incredibally familiar with the subject, in my understanding of it, it involves a number very specific complicated changes to the JPEG to do.

but my main concern is the damage all these MASSIVE vunerabilities are doing to the market, because of the literally forced switching to not all that heavily security tested or attacked browsers...

and then the fact that i read an artical claiming MS would no longer patch IE for anything other than WinXP

Buffer overruns are fun. We had to "hack" a few "bombs" and other programs in classes at the university. It's not really that complicated if you know where the vulnerability is. It requires a little assembler knowledge but you don't need to be a guru to do it.
That's probably what makes it so dangerous. That and the fact that everybody in the windows world uses the exact same programs so a small vulnerability affects a massive amount of users.

This is one of the assignments we had to do. It was actually a lot of fun, even though the "bomb" makes it easy as it uses a normalized stack. Only the last part of the assignment uses a random stack.

All cool people on the interweb enjoy jumping on the Microsoft (or should I say, Micro$oft, heh heh heh!) hate-wagon. It's very clever and original!


anyway...


Considering that this only affects GDI+ functionality, and that it was patched 2 weeks ago... yea whatever.

Who would have guessed that dutiful hackers could find a stack overflow exploit in something M$ (heh heh heh!) wrote?

Humans make mistakes and Microsoft is the largest sum of people to make mistakes that influences the most target machines, so it's very likely that bugs will be found and exploits will be written.

This bug seems to be in the GDI+ libraries, so any programm using this libraries will be vulnerable. Does that mean that all those vulnerable programms have this library statically linked ? Interesting question *g*

Any program accepting user input ( JPG bytes in this case ) can contain errors which in turn might be exploitable.

It has been announced, a fix from Microsoft has been out for two weeks, my best guess is that a virus will hit in the middle of the next week and devastate a number of machines far greater than netsky. I would not mind if it wouldn't be for the SPAM I'd get as result.

( Interesting assignment btw. I would have liked that one )