Full Disclosure mailing list archives
JPEG GDI
From: str0ke () milw0rm com
Date: Tue, 28 Sep 2004 12:51:56 -0500 (CDT)
Berry,

I appreciate the information. I would think newsgroup postings would be a little evil as well.

str0ke

////////////////

Here's my understanding of it:

The bug can be exploited whenever an application relies on a vulnerable version of gdiplus.dll to render jpeg image files onscreen (Or, I suppose, in any other way that gdiplus.dll can be used to process jpegs - I'm not familiar with the GDI+ interface). That includes IE, Office applications, or anything that relies on a vulnerable gdiplus.dll file.

What are the ramifications of this? I think that the predictions of worms based on this are a bit far-fetched. Would it be possible to create a jpeg that would copy itself to other drives on a shared network in an auto-executable position? I suppose so... however, it would be noisy and probably wouldn't be amazingly successful.

Having a worm installer within a jpeg is plausible, though. I'd consider the following scenarios to be plausible:

- JPEG in nefarious web page includes malicious code.
- JPEG in SPAM includes malicious code.
- JPEG in mass-mailer worm includes malicious code.
- JPEG in ad pop-up/sidebar includes adware/spyware installer. (malicious)
- Mass-mailer worm includes an attachment for a known vulnerable third-party program that triggers the GDI+ vuln. (how successful this might be would depend on the application being attacked.)
- Download.Jecht style mass-compromise of websites to embed malicious code inside of JPEGs.

Those are the most plausible scenarios I can think up for this. Anything else is unlikely in my thoughts.

-Barry

///////// [EOF] ////////

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html