Full Disclosure mailing list archives
[Full-Disclosure] RE: Full-disclosure digest, Vol 1 #1955 - 19 msgs
From: "RandallM" <randallm () fidmail com>
Date: Wed, 6 Oct 2004 20:59:28 -0500
> --__--__--
>
> Message: 14
> Date: Wed, 6 Oct 2004 15:53:32 -0700
> From: GuidoZ <uberguidoz () gmail com>
> Reply-To: GuidoZ <uberguidoz () gmail com>
> To: full-disclosure () lists netsys com
> Subject: [Full-disclosure] Quick JPEG/GDI test & fix (timesaver)
>
> Hello list,
>
> I wrote a very simple program/batch file that tests for the JPEG
> exploit, then if affected, provides instructions on how to patch the
> exploit. It has been tested on my own lil happy lab network, as well
> as on one network where I'm a sysadmin. (Tested on Windows XP Home
> and Pro, SP1a and SP2.)
>
> It DOES test for the exploit by attempting to use an "infected" JPG
> which downloads the instructions for fixing it, if exploited. By
> viewing the strings in the JPG, you can see the file it downloads and
> check it out for yourself. It's clean. =) Just contains a batch file
> and a program to launch the batch file. (The file that gets downloaded
> is a simple SFX.) Links are below. It contains a warning saying it's
> about to try to exploit the system and to save data in open programs.
> (It also warns that Explorer may crash.)
>
> I wrote this merely to save myself time and allow friends/family to
> test their own systems, then patch them without having to call me for
> help. It's not been tested in every environment and in every scenario.
> If you find a problem, feel free to email me (exploit _AT_ guidoz
> _DOT_ com) Obviously I'm not responsible if it's abused somehow, or if
> it breaks something, etc. Feel free to modify it to suit your own
> needs, but use it at your own risk.
>
> Test can be downloaded from here:
> http://www.guidoz.com/exploit-test.exe
>
> Again, it's just an SFX archive with a batch file. Hopefully it will
> save someone else some time. I've used it to have friends/family (and
> a few clients) patch a total of around 30 machines without problems.
>
> --
> Peace.
> ~G
>
>
> --__--__--
>
> End of Full-Disclosure Digest
>

Well, guess I'm safe. McAfee saw it as "Exploit-MntRedir.gen" and said...NO!
I googled it and it found nothing though. Thought it would at least lead me to McAfee. McAfee search said:

"We found no records matching the following criteria: Virus name containing "MntRedir.gen". Please try narrowing your search by using fewer characters".

What gives?

thank you
Randall M

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html