Thread: Jpg Vulnerability Exploit
View Single Post
  #1  
Old 26th Sep 04, 01:08 PM
KingCobra's Avatar
KingCobra KingCobra is offline
Senior Member
  
Join Date: Dec 2001
Location: Illinois
Posts: 2,409
KingCobra is on a distinguished road
Send a message via Yahoo to KingCobra
It's not safe to look at pictures anymore.

Quote:
Detailed Description


A proof-of-concept exploit which executes code on the victim's computer when opening a JPG file has been posted to a public website on September 17th, 2004. That exploit was only crashing Internet Explorer.

On September 24th there appeared a constructor that could produce JPG files with the MS04-028 exploit. This time the exploit executed a code that could download and run a file from Internet. However, the JPG file with the exploit has to be previewed locally for the exploit to get activated, viewing a JPG file from a remote host does not activate the exploit.

We are expecting that more exploit techniques will be created by hacker groups. And there is a chance that someone will create a universal exploit that would work when viewing an image locally and on a remote host.

It is advised to install security updates released by Microsoft to be protected from the JPEG vulnerability exploit. These updates can be downloaded from here:

http://www.microsoft.com/security/bu...0409_jpeg.mspx

Code:
http://www.f-secure.com/v-descs/ms04-028.shtml
__________________
Reply With Quote