Microsoft warns of poisoned picture peril

trickblue

Not Old School...Old Testament...
Messages
31,439
Reaction score
3,961
Well isn't this great news... I wonder if message boards like this will be affected by pics hosted at other urls... :mad:

Link

Microsoft warns of poisoned picture peril
By Kevin Poulsen, SecurityFocus Sep 14 2004 5:54PM


The old bromide that promises you can't get a computer virus by looking at an image file crumbled a bit further Tuesday when Microsoft announced a critical vulnerability in its software's handling of the ubiquitous JPEG graphics format.

The security hole is a buffer overflow that potentially allows an attacker to craft a special JPEG file that would take control of a victim's machine when the user views it through Internet Explorer, Outlook, Word, and other programs. The poisoned picture could be displayed on a website, sent in e-mail, or circulated on a P2P network.

Windows XP, Windows Server 2003 and Office XP are vulnerable. Older versions of Windows are also at risk if the user has installed any of a dozen other Microsoft applications that use the same flawed code, the company said in its advisory. The newly-released Windows XP Service Pack 2 does not contain the hole, but vulnerable versions of Office running atop it can still be attacked if left unpatched. Patches are available from Microsoft's website.

The company said it's not aware of the hole being publicly exploited in the wild, and has not seen any examples of proof of concept code.

The JPEG bug rounds out a growing menagerie of vulnerabilities in code that displays image files. Mozilla developers last month patched the open-source browser against a critical hole discovered in a widely-deployed library for processing PNG images. And last July, Microsoft simultaneously fixed two image display holes in Internet Explorer: one made users potentially vulnerable to maliciously-crafted BMP images, the second to corrupt GIF files. The GIF bug had been publicly disclosed 11 months earlier.

There was a time when the idea of a malicious image file was absurd enough to be the topic of an April Fools joke. One early and widely-circulated hoax message dating from 1994 warned users of a computer virus infecting the comment field of JPEG files.

"It was someone saying that just looking at a JPEG on your screen can get you a virus," recalls Rob Rosenberg, editor of the debunking site Vmyths.com. "In '94 it was a myth, but in '04 it's the real thing... We've got the JPEG of death now."​
 
Messages
2,242
Reaction score
0
I don't know, but everytime I see that goofy jpg of the monkey w/ Turrets syndrome, begin to feel a bit flush!! :p
 

trickblue

Not Old School...Old Testament...
Messages
31,439
Reaction score
3,961
DallasCowpoke said:
I don't know, but everytime I see that goofy jpg of the monkey w/ Turrets syndrome, begin to feel a bit flush!! :p

You'll be happy to know I am working on a new avatar that people can pirate at other boards... and some here... lol

But seeing how you like that one so much... I may leave it up for a while... :D
 
Messages
2,242
Reaction score
0
trickblue said:
You'll be happy to know I am working on a new avatar that people can pirate at other boards... and some here... lol

"Hey DCP, are you impressed??"....
image.php



:p
 

CowboyPrincess

Priceless
Messages
4,622
Reaction score
16
Windows Update alerted me of an update for the Jpeg issue... there is a tool there that checks all Microsoft GDI+ capable programs for vulnerbilities
 

Duane

Well-Known Member
Messages
7,063
Reaction score
413
jacs said:
Windows XP Service Pack 2 is very good
It has kicked the crap out of Shareeza. I'm thinking about removing it until there is a work around.
 

jacs

I'd Hit It
Messages
2,407
Reaction score
0
Duane said:
It has kicked the crap out of Shareeza. I'm thinking about removing it until there is a work around.

i installed the full copy, i didnt update from windows and it has worked very good and it has more security then SP1
 
Top