Re: Possible GDI Exploit Vector

[Babar Shafiq Nazmi <babarnazmi () gmail com>]

I tried to put a jpeg in my profile pic and in emotion panel for
testing the same on msn 6 which is created by GDI flaw(remote shell
binding code), but msn 6 complains about the jpeg image.
(The image can't be displayed or resized, Please try again,or select
another image)
thats y I don't thin msn6 uses GDI to render images in display and in emotions. 
But i can send infected image to ppls who are not using updated
Antivirus/patched by file transfers. This is still dangerous.

Babar Shafiq


On 29 Sep 2004 09:26:19 -0000, james_love () agilent com
<james_love () agilent com> wrote:
> Does anyone know if MSN Messenger 6 uses GDI+ to render jpeg images that appear as the profile images you see in MSN 
> 6 Chat windows? If so, this could provide an extremely fast way to propagate a worm using the GDI+ flaw. All you 
> would need to do to start it off is set the crafted image as ur profile picture, start conversations wtih people you 
> know have MSN6 installed, and, if by default they display the other users' profile picture,they're machine would 
> process the image and carry out any nasty deeds the image has within it (if the machine's not patched).
>
> For the worm to propagate, it would need to craft its code into the current users profile picture, and every time the 
> infected user started a conversation with someone, it would spread as soon as the other user viewed the profile 
> picture within the chat window.
>
> The speed of spread would be enormous, granted that most people dont have up to date virus scanners/definitions and 
> have not patched their machines. Plus it would be nearly impossible to determine where the virus came from, where it 
> started off.
>
> All this, of course, is only possible if MSN Messenger 6 does indeed use GDI+. Does it?

-- 
God is a great Programmer