Poison pics show up online: Another MS problem.

Discussion in 'Computer Security' started by John, Oct 1, 2004.

  1. John

    John Guest

    "Viewing jpegs could soon be a risky business
    The first images crafted to contain a malicious program that can take
    control of a PC have been found on the net.

    Security experts have been expecting such images to turn up after
    Microsoft revealed a weakness in the way Windows handles the popular
    Jpeg format.

    Soon after this discovery, a program started circulating online that
    was written to exploit this bug.

    The poisoned images were posted to a porn newsgroup at the weekend and
    were found by Usenet provider Easynews. "

    Visit:

    http://news.bbc.co.uk/2/hi/technology/3701640.stm

    for the full horrifying story.

    Bill
    ..
    ++++ Student Priorities ++++

    Is it true that nym.alias.net is run on a university computer at MIT...
    By students who don't give a flying **** if it works or not
    because its operation and reliability does not affect their
    grades and doesn't get them any free beer or tight pussy?
    John, Oct 1, 2004
    #1

  2. Not a problem if you're running SP2 and have the MS Office updates in place
    :)

    "John" <> wrote in message
    news:...
    > "Viewing jpegs could soon be a risky business
    > The first images crafted to contain a malicious program that can take
    > control of a PC have been found on the net.
    >
    > Security experts have been expecting such images to turn up after
    > Microsoft revealed a weakness in the way Windows handles the popular
    > Jpeg format.
    >
    > Soon after this discovery, a program started circulating online that
    > was written to exploit this bug.
    >
    > The poisoned images were posted to a porn newsgroup at the weekend and
    > were found by Usenet provider Easynews. "
    >
    > Visit:
    >
    > http://news.bbc.co.uk/2/hi/technology/3701640.stm
    >
    > for the full horrifying story.
    >
    > Bill
    > .
    > ++++ Student Priorities ++++
    >
    > Is it true that nym.alias.net is run on a university computer at MIT...
    > By students who don't give a flying **** if it works or not
    > because its operation and reliability does not affect their
    > grades and doesn't get them any free beer or tight pussy?
    John E. Carty, Oct 1, 2004
    #2

  3. John

    Quaoar Guest

    John E. Carty wrote:
    > Not a problem if you're running SP2 and have the MS Office updates in
    > place :)
    >
    > "John" <> wrote in message
    > news:...
    >> "Viewing jpegs could soon be a risky business
    >> The first images crafted to contain a malicious program that can take
    >> control of a PC have been found on the net.
    >>
    >> Security experts have been expecting such images to turn up after
    >> Microsoft revealed a weakness in the way Windows handles the popular
    >> Jpeg format.
    >>
    >> Soon after this discovery, a program started circulating online that
    >> was written to exploit this bug.
    >>
    >> The poisoned images were posted to a porn newsgroup at the weekend
    >> and were found by Usenet provider Easynews. "
    >>
    >> Visit:
    >>
    >> http://news.bbc.co.uk/2/hi/technology/3701640.stm
    >>
    >> for the full horrifying story.
    >>
    >> Bill
    >> .
    >> ++++ Student Priorities ++++
    >>
    >> Is it true that nym.alias.net is run on a university computer at
    >> MIT... By students who don't give a flying **** if it works or not
    >> because its operation and reliability does not affect their
    >> grades and doesn't get them any free beer or tight pussy?


    Not correct. The affected .dlls are installed in parallel by many
    applications and the unwary *will* eventually be attacked even if XP SP2
    and Office are updated.

    To verify this for yourself, Google for gdiscan.exe (since I do not have
    the link handy). Run it on your seemingly protected system and report
    the results.

    Q
    Quaoar, Oct 2, 2004
    #3
  4. Let me start by saying thanks to Q for mentioning the GDIScan tool, for the
    record the official site for it is:

    http://isc.sans.org/gdiscan.php

    I'm always up to date on patches etc, being an IT admin and it found one
    application I didn't even know used GDI+...

    Scanning Drive F:...
    F:\Jasc Software Inc\Paint Shop Pro 9\gdiplus.dll
    Version: 5.1.3097.0 <-- Vulnerable version
    F:\Microsoft\Office\OFFICE11\GDIPLUS.DLL
    Version: 6.0.3264.0

    Microsoft's GDI Detection tool is shit, they should find a way to seamlessly
    patch all affected versions at the OS level.. you could be entirely patched
    then install something like Jasc's Paint Shop Pro months later and re-open
    this hole, and of course Windows Update would not even know about it. There
    has been a virus writer's "toolkit" already released to write malformed
    jpegs to exploit this hole too. Don't think you're secure, you're never secure
    with MS :)

    -L
    Locke Nash Cole, Oct 5, 2004
    #4
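
Added example, not part of any poster's message and not code from the GDIScan tool: a small parser for scanner output in the format shown in post #4, which separates flagged gdiplus.dll copies that sit in an application's own folder from copies under an OS directory. The `OS_ROOTS` list, the function names and the first two entries of the sample report are assumptions made for illustration.

```python
import re
from typing import NamedTuple

class DllFinding(NamedTuple):
    path: str
    version: tuple
    flagged: bool      # scanner printed its "<-- Vulnerable version" marker
    os_managed: bool   # path lies under an OS directory (see OS_ROOTS)

# Assumption: copies under these roots are serviced by OS patching; anything
# else is an application-private copy that only its vendor can replace.
OS_ROOTS = ("\\windows\\", "\\winnt\\")

PATH_RE = re.compile(r"^[A-Za-z]:\\.*\\gdiplus\.dll$", re.IGNORECASE)
VER_RE = re.compile(
    r"^Version:\s*(\d+(?:\.\d+){3})\s*(<--\s*Vulnerable version)?", re.IGNORECASE
)

def parse_report(text):
    """Pair each gdiplus.dll path line with the Version line that follows it."""
    findings, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = VER_RE.match(line)
        if m and pending:
            version = tuple(int(p) for p in m.group(1).split("."))
            os_managed = any(root in pending.lower() for root in OS_ROOTS)
            findings.append(DllFinding(pending, version, bool(m.group(2)), os_managed))
            pending = None
    return findings

def needs_vendor_fix(findings):
    """Flagged copies outside OS directories: OS patching will not reach them."""
    return [f for f in findings if f.flagged and not f.os_managed]

# Sample report: the drive C: entry is constructed; the drive F: entries are
# the lines quoted in post #4.
SAMPLE_REPORT = r"""Scanning Drive C:...
C:\WINDOWS\WinSxS\example\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
Scanning Drive F:...
F:\Jasc Software Inc\Paint Shop Pro 9\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
F:\Microsoft\Office\OFFICE11\GDIPLUS.DLL
Version: 6.0.3264.0
"""

if __name__ == "__main__":
    for f in needs_vendor_fix(parse_report(SAMPLE_REPORT)):
        print("application-private, flagged:", f.path, ".".join(map(str, f.version)))
```
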
  5. John

    Quaoar Guest

    Locke Nash Cole wrote:
    > Let me start by saying thanks to Q for mentioning the GDIScan tool,
    > for the record the official site for it is:
    >
    > http://isc.sans.org/gdiscan.php
    >
    > I'm always up to date on patches etc, being an IT admin and it found
    > one application I didn't even know used GDI+...
    >
    > Scanning Drive F:...
    > F:\Jasc Software Inc\Paint Shop Pro 9\gdiplus.dll
    > Version: 5.1.3097.0 <-- Vulnerable version
    > F:\Microsoft\Office\OFFICE11\GDIPLUS.DLL
    > Version: 6.0.3264.0
    >
    > Microsoft's GDI Detection tool is shit, they should find a way to
    > seamlessly patch all affected versions at the OS level.. you could be
    > entirely patched then install something like Jasc's Paint Shop Pro
    > months later and re-open this hole, and of course Windows Update
    > would not even know about it. There has been a virus writer's
    > "toolkit" already released to write malformed jpegs to exploit this
    > hole too. Don't think you're secure, you're never secure with MS :)
    >
    > -L


    I was also questioning why the MS patch could not be applied to the
    entire array of affected dlls since these are generally called from the
    Windows API. The calls to the dlls should be able to be preserved while
    taking care of the vulnerability so the application wouldn't know the
    difference.

    Q
    Quaoar, Oct 7, 2004
    #5
  6. >I was also questioning why the MS patch could not be applied to the
    >entire array of affected dlls since these are generally called from the
    >Windows API. The calls to the dlls should be able to be preserved while
    >taking care of the vulnerability so the application wouldn't know the
    >difference.


    Apparently they aren't called from the Windows API. I only have one copy of
    gdiplus.dll on my W2K machine, and it was supplied with a third party
    application and stored in the application's folder.
    --
    Dave "Crash" Dummy - A weapon of mass destruction
    ?subject=Techtalk (Do not alter!)
    http://lists.gpick.com
    \Crash\ Dummy, Oct 9, 2004
    #6