Vulnerability Development mailing list archives
Re: Infected jpeg files?
From: Mathias Dybvik <tmdybvik () hotmail com>
Date: Fri, 9 Nov 2001 02:39:38 -0500
The jpeg standard does not encompass any form of executable code in the jpeg itself. Any code you injected into a jpeg document would not be executed by the viewer. There is one exception to this: If there is a certain vulnerability/problem with a particular jpeg viewer, then it is theoretically possible to cause various forms of overflows, and possibly executing code in the viewer/client environment, by extremely carefully crafted pictures. This carefully crafted code would then have to have enough payload to reproduce, i.e. introduce a copy of itself into another jpeg file. This scenario sounds like it has probability greater than zero, yet would be very hard to implement reliably. Any implementation would likely only work on one particular version of one particular jpeg viewer, possibly only on one particular machine/software configuration. More fun use of jpeg viewer problems would probably be to upload jpegs to your web site that selectively crashed viewers/browsers you don't like. :) Steganography is information hiding. Your problem is not to hide information, but to have that information interpreted as code, and executed. The classic *illusion* of an executable jpeg, however, is the "my_picture.jpg.vbs" trick, which fools a lot of windows users that are using default settings in their file viewer. If you have "hide known extensions" enabled, then yes, it *is* possible to get infected by opening a file that *seems to be* a jpg file (but it isn't). Mathias Dybvik On Wed, Nov 07, 2001 at 01:22:40AM -0000, rginski () co pinellas fl us wrote:
Mailer: SecurityFocus Is it possible for a virus to infect a jpeg (*.jpg) file, then the jpg file to infect other files?...without changing the files characteristics? In other words, a jpeg file (file.jpg) is infected and it remains "infected_file.jpg". It is possible for a file type as jpeg to have a payload or cause damage although it's just being viewed? Perhaps something like steganagraphy...except embedding vbs (or something) causing infection by way of the viewer? I guess another way of asking the question is: Is it possible to get infected by just viewing jpeg files?
Current thread:
- Infected jpeg files? rginski (Nov 08)
- Re: Infected jpeg files? Chris D. Sloan (Nov 08)
- Re: Infected jpeg files? Blue Boar (Nov 09)
- Re: Infected jpeg files? jove (Nov 09)
- Re: Infected jpeg files? J Edgar Hoover (Nov 09)
- Message not available
- Re: Infected jpeg files? HackHawk (Nov 09)
- Re: Infected jpeg files? Rob Salmond (Nov 10)
- Re: Infected jpeg files? (viruses) Jonathas Diogenes Castello Branco (Nov 10)
- Re: Infected jpeg files? Brad (Nov 10)
- Re: Infected jpeg files? Chris D. Sloan (Nov 08)
- Re: Infected jpeg files? H C (Nov 09)
- Re: Infected jpeg files? Thor (Nov 09)
- <Possible follow-ups>
- RE: Infected jpeg files? OBrien, Brennan (Nov 08)
- RE: Infected jpeg files? Oliver Petruzel (Nov 09)
- RE: Infected jpeg files? Bruce Ediger (Nov 09)
- RE: Infected jpeg files? Chan, Stephen (TIS, Singapore) (Nov 09)
- RE: Infected jpeg files? OBrien, Brennan (Nov 09)
- RE: Infected jpeg files? Krul Thomas (Nov 09)
- Re: Infected jpeg files? Rob Pickering (Nov 09)