BetaONE will rise again!

BetaONE will rise again! (http:\\b1.hcanet.com\forum/index.php)
-   Internet Security and Privacy (http:\\b1.hcanet.com\forum/forumdisplay.php?f=38)
-   -   Jpg Vulnerability Exploit (http:\\b1.hcanet.com\forum/showthread.php?t=13614)

KingCobra 26th Sep 04 01:08 PM
It's not safe to look at pictures anymore. :blink:

Quote:
Detailed Description


A proof-of-concept exploit which executes code on the victim's computer when opening a JPG file has been posted to a public website on September 17th, 2004. That exploit was only crashing Internet Explorer.

On September 24th there appeared a constructor that could produce JPG files with the MS04-028 exploit. This time the exploit executed a code that could download and run a file from Internet. However, the JPG file with the exploit has to be previewed locally for the exploit to get activated, viewing a JPG file from a remote host does not activate the exploit.

We are expecting that more exploit techniques will be created by hacker groups. And there is a chance that someone will create a universal exploit that would work when viewing an image locally and on a remote host.

It is advised to install security updates released by Microsoft to be protected from the JPEG vulnerability exploit. These updates can be downloaded from here:

http://www.microsoft.com/security/bu...0409_jpeg.mspx

Code:
http://www.f-secure.com/v-descs/ms04-028.shtml

DoG 26th Sep 04 02:29 PM
XPSP2 Has this fix built in, if you are running SP2 and apply the patch it will tell you that you don't need it :)

KingCobra 26th Sep 04 06:20 PM
Very good news indeed DoG! :thumbsup:


All times are GMT +1. The time now is 12:53 AM.

Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.