Message-ID: <Pine.LNX.4.58.0508111302480.18264@dione>
Date: Thu Aug 11 12:14:51 2005
From: lcamtuf at dione.ids.pl (Michal Zalewski)
Subject: Re: Compromising pictures of Microsoft Internet Explorer!


> This experiment resulted in identifying a potential remote code
> execution path in Microsoft Internet Explorer, plus some other bugs, and
> should be a good starting point for further testing of other browsers or
> similar programs.

Just for the reference, this is confirmed to be fixed by the most recent
(and long overdue) cumulative update for MSIE (a part of MS05-038):

JPEG Image Rendering Memory Corruption Vulnerability - CAN-2005-1988

   A remote code execution vulnerability exists in Internet Explorer
   because of the way that it handles JPEG images. An attacker could
   exploit the vulnerability by constructing a malicious JPEG image that
   could potentially allow remote code execution if a user visited a
   malicious Web site or viewed a malicious e-mail message. An attacker
   who successfully exploited this vulnerability could take complete
   control of an affected system.

Thought I'd clarify, because CVE seems to carry original references with
one candidate entry (CAN-2005-2308), and Microsoft's patch with no prior
references in another (CAN-2005-1988) - so there might be some confusion
as to what was fixed and why. CERT and Securityfocus both include proper
data, though.

Cheers,
/mz
http://lcamtuf.coredump.cx/silence/
-------------- next part --------------
#!/bin/bash
# CGI harness: runs afx-loc over every file in img/, writes the mutated
# copies next to the script and serves them all in one page. The Refresh
# header reloads the page immediately, so the browser keeps decoding fresh
# mutations until the renderer misbehaves; crashes are attributed via the
# test number and the surviving timg-* file.

echo "Content-Type: text/html"
echo

# Unique prefix for this run's output files.
ID="timg-$$-$RANDOM-$RANDOM"

# Drop the mutated images and the fuzzer log left by the previous run.
rm -f timg-* AFX.log

cat <<_EOF_
<HTML>
<HEAD>
<META HTTP-EQUIV="Refresh" content="0;URL=/">
</HEAD>
<BODY>
_EOF_

CNT=0

for i in img/*; do
  CNT=$((CNT+1))
  FNAM="$ID-$CNT"
  # Keep the original extension so the browser picks the matching decoder.
  EXT="${i##*.}"
  # As invoked here, the mutated image arrives on afx-loc's stderr and its
  # log on stdout; stdout is appended to AFX.log for later correlation.
  ./afx-loc -p 1 -i 100 -m RANDOM -s 60000 <"$i" 2>"$FNAM.$EXT" >>AFX.log
  echo "Test $CNT - <IMG SRC=\"$FNAM.$EXT\"><BR>"
done

cat <<_EOF_
</BODY>
</HTML>
_EOF_
