Educause Security Discussion mailing list archives

FW: [Full-Disclosure] MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ...


From: "Faigle, Chris" <cfaigle () RICHMOND EDU>
Date: Sat, 25 Sep 2004 09:24:10 -0400

Cross post from Full-disclosure list.



Read the notes within the code for the author's notes on the attack vectors.
The e-mail worm may not be far off.



Also see info on a JPEG HackTool that takes a JPEG and a URL and creates
a JPEG which downloads and executes whatever is at the URL:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HKTL_JPGDOWN.A&VSect=T



Update virus defs constantly, patch XP to SP2 and update your Office
installs.



Chris Faigle

IS Security

University of Richmond







  _____

From: ElviS .de [mailto:elvi52001 () yahoo com]
Sent: Saturday, September 25, 2004 8:12 AM
To: full-disclosure () lists netsys com
Subject: [Full-Disclosure] MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ...



the last step before the worm



http://www.k-otik.com/exploits/09252004.JpegOfDeath.c.php

!


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
