[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <414AB191.9090801@linuxbox.org>
From: ge at linuxbox.org (Gadi Evron)
Subject: [exploitwatch.org] ALERT: Windows XP JPEG Buffer
Overflow POC Exploit
admin@...loitwatch.org wrote:
> A PoC for the Windows XP JPEG has been published. Because of the potential
> impact, it is anticipated that this exploit will be widely used by worms and
> other malware within a short period of time.
>
> http://www.gulftech.org/?node=downloads
It might indeed, but I see it more as evolution.
First there were simple URL's with malicious content.
Then there were pictures which were actually HTML code (404 thing).
Then we saw HTML pages with actual pictures in them.
Now this.
It's natural evolution and would help spamed-URL malware a bit IF it
ends up being easy enough to exploit it, and then some easy-to-use kit
is created. These factors will determine how wide-used it will be.
BMP was hit before, and jpeg got hit back with Netscape and there was no
big buzz.. This could end up being an issue for the media and AV
companies to blow out of proportion, and it may actually be used in some
Trojan horse or worm.
I'm a bit more worried about email threats.. the last thing we need,
much like vmyths said, was scared admins blocking jpegs at the gateway.
Download the patches and you will be fine (if you get through it without
an heart attack).
This *IS* an actual exploit and therefore, unlike vmyths - I believe it
is more than possible a worm (or worms) will show up, but unlike other
exploits of the past I wouldn't jump to any conclusions quite yet as to
how big it is going to be, or how soon we will see it used.
Do your security and see how things develop. Why contribute to the media
frenzy? There is no call for it.
I'm usually the one to call a date, this time I am the one to call "You
said there's an exploit, fine! Who said you can scare everybody?" and
that's meant not directly to you, but quite a few people.
Also - unrelated to this exploit, although jpeg is a pretty compressed
format, it is a very orderly one. Anyone up on their jpeg technology to
make a small program for checking if a jpeg was altered or some blurb
was added to it inside?
Gadi Evron.
Powered by blists - more mailing lists