Public Exploit For Windows JPEG Bug

michael posted more than 9 years ago | from the here-comes-the-worm dept.

Bug 509

Khoo writes "A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file." We mentioned this earlier.

509 comments

That's it... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10327680)

I'd better stop reading Fark!

Patch is already out (5, Informative)

Jeffv323 (317436) | more than 9 years ago | (#10327739)

Pick your OS and download it here [microsoft.com]

Also, if you have SP2 or uh, don't use MS software, you're fine :)

Re:Patch is already out (1)

gl4ss (559668) | more than 9 years ago | (#10327869)

depends.

you could still have vulnerable 3rd party software that used the exploitable code in it.

Re:Patch is already out (5, Informative)

BoldAC (735721) | more than 9 years ago | (#10327897)

Come on guys! This is slashdot!

Where is the downloadable link to the second proof of concept code?

Here's the link to the first POC:
http://www.gulftech.org/?node=downloads [gulftech.org]

The first POC just generates the buffer overflow crash. Interesting enough, on an unpatched system, just having the jpg on your desktop caused explorer to crash - repeatedly. I am assuming as XP tried to generate the thumbnail. However, if viewed through a web page, I could view it fine.

I've been looking for the second POC code since yesterday. It supposedly opens a cmd prompt when the crafted jpg is viewed.

AC

Re:That's it... (0)

Anonymous Coward | more than 9 years ago | (#10327872)

This is going to wreak havoc when it's combined with spam. People that haven't patched, I'm sure also will open all of their mail messages with images displayed automatically.

first jpeg post (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10327682)

wheeeeee

heheheh (-1, Offtopic)

airdrummer (547536) | more than 9 years ago | (#10327683)

doncha just luv it:-)

Re:heheheh (1, Insightful)

Anonytroll (751214) | more than 9 years ago | (#10327701)

doncha just luv it:-)


No. And neither should you.

y!? (1)

airdrummer (547536) | more than 9 years ago | (#10327779)

maybe this'll finally b the 2x4 that gets the attention of all those microserfs;-)

Re:heheheh (0)

Anonymous Coward | more than 9 years ago | (#10327835)

Indeed.
Instead of a nice howto insert stuff into jpgs i got a lame news story.

Now, where is the stuff that matters?

pr0n (5, Funny)

Lord Prox (521892) | more than 9 years ago | (#10327721)

Damn. Now in addition to worrying about going blind I also have to worry about catching something.

fr1st fs0t. (-1, Troll)

caluml (551744) | more than 9 years ago | (#10327685)

0 comments? Ah well, fr1st fs0t.

FP (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10327687)

FP

Knew it (3, Funny)

Anonymous Coward | more than 9 years ago | (#10327688)

I knew there was something wrong with Goatse when I saw it!

Re:Knew it (4, Funny)

jb.hl.com (782137) | more than 9 years ago | (#10327804)

It's a gaping security hole.

Everyone knew it (4, Funny)

Pan T. Hose (707794) | more than 9 years ago | (#10327887)

I knew there was something wrong with Goatse when I saw it!

Everyone knew it was a backdoor.

Almost... (3, Interesting)

mirko (198274) | more than 9 years ago | (#10327694)

Now, to convince my company's managers to switch their userbase to Firefox, I just need it to support Sso (Single sign-on), please, tell us it's coming otherwise we'll keep using this tyrabrowsaurus...

Re:Almost... (3, Interesting)

pcardno (450934) | more than 9 years ago | (#10327720)

Is anyone working on Single Signon for the Firefox/Mozilla platform? We're stuck using IE here as well as we've integrated Netegrity's Siteminder with Windows Single Sign On into the whole Active Directory thing (i.e. sign into your Windows computer and from that IE can figure out who you are so personalises our Intranet) but I'd rather we could get over to Firefox simply cos it's faster and less buggy!

Oh, and then other people in the company wouldn't sniff at me for using it!!

troll. (-1)

Anonymous Coward | more than 9 years ago | (#10327809)

firefox is not faster than internet explorer. not even close.

Re:troll. (2, Interesting)

Skye16 (685048) | more than 9 years ago | (#10327834)

Really? It loads pages faster for me. Sure, the initial start up time is worse, but...

Just because you took his comment out of context doesn't mean he's a troll. :P

Re:troll. (0)

pcardno (450934) | more than 9 years ago | (#10327855)

OK - I apologise for my comment..

I'd like our company to switch to Firefox as in my own, personal, valueless opinion and experience, I find it to be faster at rendering pages and less likely to crash than Internet Explorer. But this is purely my own opinion and experience, and results may vary. No animals were harmed in the making of this comment.

Single sign-on for a browser? (0, Informative)

Anonymous Coward | more than 9 years ago | (#10327724)

Can you elaborate about the single sign-on function you want? I can imagine what single sign-on is in relation to a file server, but I'm not sure how a browser would use this.

Re:Single sign-on for a browser? (4, Informative)

pcardno (450934) | more than 9 years ago | (#10327755)

You can do something with Active Directory to enable single sign on so that your browser can use your Windows credentials to figure out who you are.

An example being that I log into my laptop on the corporate network in the morning, but then never need to log into our Intranet. It uses my Active Directory credentials to figure out who I am, so displays my own customised and personalised Intranet settings.

I'm not too sure how it works but it's very handy!

Re:Single sign-on for a browser? (1)

Sir Fredman (740490) | more than 9 years ago | (#10327794)

Yep, very handy, we do the same thing with intranetsites we develop (including our own)...

Re:Single sign-on for a browser? (1)

byolinux (535260) | more than 9 years ago | (#10327840)

Single Sign On works, I think, only the user will need to have their username/password saved in Firefox.

Re:Single sign-on for a browser? (2, Informative)

silence535 (101360) | more than 9 years ago | (#10327856)

It is called NTML [sourceforge.net] authentication.

-jsl

Re:Single sign-on for a browser? (1, Funny)

pedestrian crossing (802349) | more than 9 years ago | (#10327881)

I guess your .sig is apropos. It is NTLM (NT Lan Mangler)...

Re:Almost... (5, Insightful)

lphuberdeau (774176) | more than 9 years ago | (#10327763)

Browsers are not the only problem. Many companies use outlook as a mail client. Someone could simply include a jpeg image to the mail and since images are loaded by default, they would infect everyone. Seriously, the only way around this is to update software. Microsoft already has a patch for this I think.

Microsoft patches (4, Funny)

Anonymous Coward | more than 9 years ago | (#10327811)

You can make a big fucking quilt with all those patches they keep giving out!

Re:Almost... (5, Interesting)

SenseiLeNoir (699164) | more than 9 years ago | (#10327847)

This is exactly the problem I fear. All it takes is one spammer/cracker to bulk mail a hundred of pictures to random HTML accounts (Hotmail, etc).. and you can see exactly where this is going to lead.

Also those who use Firefox may not be 100% protected, because consider this scenario.

1. Install Firefox
2. Set Firefox as default browser
3. Use MSN Messenger.
4. MSN messenger pops up "you have new hotmail"
5. Click link to see new mail, MSN Messenger opens up in INTERNET EXPLORER despite setting firefox as the default browser.
6. You are owned.

I am more concerned that after this, people may even mistakenly criticize Firefox, thinking that Firefox was their default browser, and that they got infected via firefox, instead of IE.

"I set up this firefox thingie, and set it as a default browser, yet I still have a virus, by just reading my email. Firefox is just as bad as IE"

A second attack vector could be to change the mimetype of the JPEG, causing Firefox to download, then open it in the system handler for JPEGS.. and a possibility of being owned that way.

Still this may also be very good grounds for a class action against MS, as they are not honouring a users request NOT to use IE.

This all goes to prove, MS is a security hole, that can even make secure applications appear insecure

Ow, my head hurts from thinking of this.. let me get some Paracetamol.

Re:Almost... (4, Informative)

liquidpele (663430) | more than 9 years ago | (#10327895)

That's why you:
1) go close msn messenger
2) go to c:\program_files\messenger
3) rename that directory to something else.
4) Msn won't start up again. yay!

Why anyone would use msn messenger is beyond me, I hate that thing. It's more annoying than clippy. They just need a soundbyte with it that yells "you've got spam!" and it'll be complete.

Re:Almost... (4, Informative)

YrWrstNtmr (564987) | more than 9 years ago | (#10327882)

Many companies use outlook as a mail client. Someone could simply include a jpeg image to the mail and since images are loaded by default,

OL2003 has image loading off by default. "RightClick to display this image."
Of course, most people are on earlier versions, but at least MS is putting in an effort to stem the tide.

Re:Almost... (5, Insightful)

enigmals1 (667526) | more than 9 years ago | (#10327816)

Switch to Firefox?! Why, what's that gonna do for you? The exploit is in almost every major app Microsoft makes that handles any graphics, including Windows itself, .Net Framework, all Office products, etc.

People are so quick to blame IE when there's so many other products they can go after. ;)

Re:Almost... (0)

Anonymous Coward | more than 9 years ago | (#10327829)

single sign on is implemented on the server, not the client

Re:Almost... (1)

Laverne (700282) | more than 9 years ago | (#10327878)

Perhaps it is possible to create such an environment using http://nufw.org/ [nufw.org]


NuFW performs an authentication of every single connection passing through the IP filter, by transparently requesting user's credentials before any filtering decision is taken. Practically, this means security policies can integrate with the users directory, and bring the notion of user ID down to the IP layers.

Patch is Already Out (5, Informative)

darkmeridian (119044) | more than 9 years ago | (#10327695)

The patch for this one is already out. Furthermore, SP2 systems do not have this vulnerability unless Office is installed. SP2 by default has auto-updates enabled. And for Office to be exploited in a SP2 system, the user has to open the file manually.

Code is always buggy. Even Firefox had a JPEG vulnerability of its own. This is dumb ownership, if this bug becomes prevalent.

Re:Patch is Already Out (2, Insightful)

RDosage (694318) | more than 9 years ago | (#10327736)

This is dumb ownership, if this bug becomes prevalent.

Sort of like it was dumb ownership to leave your SQL machine open to the Internet, allowing port 1334 open?

Or it was dumb to open any of the attachments claiming to be from your administrator sending a passworded zipped file with some "clean-up tool" attached?

We have proven that users aren't the ones responsible enough not to do something dumb. And, SP2 is still undergoing testing in many office environments.

Re:Patch is Already Out (-1, Redundant)

darkmeridian (119044) | more than 9 years ago | (#10327751)


This is dumb ownership, if this bug becomes prevalent.

Sort of like it was dumb ownership to leave your SQL machine open to the Internet, allowing port 1334 open?

Or it was dumb to open any of the attachments claiming to be from your administrator sending a passworded zipped file with some "clean-up tool" attached?

We have proven that users aren't the ones responsible enough not to do something dumb. And, SP2 is still undergoing testing in many office environments.


I said that this was dumb ownership, not dumb usership. There's a difference, you know?

Re:Patch is Already Out (0)

Anonymous Coward | more than 9 years ago | (#10327839)

I said that this was dumb ownership, not dumb usership. There's a difference, you know?

no, i don't know. who is the agent of ownership? this could very well mean the same damn thing as usership. on the internet, no one knows what you mean, only what you write. keep that in mind.

Re:Patch is Already Out (5, Funny)

Gzip Christ (683175) | more than 9 years ago | (#10327738)

This is dumb ownership, if this bug becomes prevalent.
Phew... I was worried there for a second. It's a good thing we can rely on Windows users to not be dumb, otherwise the Internet would be bogged down in viruses, spyware, and spam.

Re:Patch is Already Out (4, Insightful)

darkmeridian (119044) | more than 9 years ago | (#10327765)


This is dumb ownership, if this bug becomes prevalent.

Phew... I was worried there for a second. It's a good thing we can rely on Windows users to not be dumb, otherwise the Internet would be bogged down in viruses, spyware, and spam.


Well, most users are, uh, stupid. Even if we used Linux, in order to make it simple enough to use, there will be vulnerabilities. For example, getting people to use "sudo" with a limited account makes sense to you and me, but might confuse the heck out of some newbie in Tennessee.

So it is not a Windows-specific problem. If Linux ever becomes popular as a desktop platform, we will then have dumb Linux users.

Re:Patch is Already Out (3, Interesting)

Epistax (544591) | more than 9 years ago | (#10327747)

Still, I have to wonder how they internally wrote code to let things like this happen. It seems to me you want to write your program such that if something unintentioned does happen, it is at least bound by what it can do. Execution stemming from a jpeg? Oh, come on :P

Re:Patch is Already Out (5, Informative)

maxwell demon (590494) | more than 9 years ago | (#10327886)

Well, you know, that's called a software bug. A software bug is by definition something you didn't intend.

Actually, it's a buffer overflow. A buffer overflow means that there is some area of memory reserved for some data, and then there's more data written to it than fits in. This causes some other data to be overwritten; if that other data happens to be a return address (basically a number which tells the computer where to continue after finishing the current task), then you can get the computer to execute arbitrary code which is in memory - including the code you just conveniently placed into the memory as "image data".

I don't know details of the JPEG image format, but with a simple bitmap format, a buffer overflow might happen as follows:

The image contains the number of pixels, and the bytes per pixel. The program takes those numbers, multiplies them, and reserves that much memory to take the pixel values. Then it reads the rest of the file as image data into that memory.

Now, this simple program for this simple image format may be easily exploited: Just put more data into the image than the product of number of pixels and bytes per pixel. Then the program as written will not reserve enough memory for that data (because the values at the beginning don't tell the truth), and therefore the data will overwrite anything following the data.

Ok, the fix is easy: Don't read more data than you allocated memory for. The problem is that on one hand, there are C standard functions which make it easy to get that wrong, and second, there can be more subtle ways to produce the same result. For example, the multiplication could overflow, resulting in too little memory being allocated, while the given number of pixels is read in (under the belief that you have reserved enough memory for that).

And yes, buffer overflows happen in open source software as well as in Microsoft software.
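
The toy bitmap loader described in the comment above, written with both fixes it mentions (a bounded read and an overflow-checked size), as an added example that is not part of the original thread. The 8-byte header layout, the 64 MiB cap and all toy_* names are assumptions invented for the illustration; the sample files are constructed in memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical toy format, invented for this example:
 *   bytes 0-3  pixel count      (uint32, little-endian)
 *   bytes 4-7  bytes per pixel  (uint32, little-endian)
 *   bytes 8..  pixel data                                  */
enum { TOY_HDR_LEN = 8 };
#define TOY_MAX_BPP         4u
#define TOY_MAX_IMAGE_BYTES (64u * 1024u * 1024u)   /* assumed policy cap */

typedef enum {
    TOY_OK = 0, TOY_TRUNCATED, TOY_BAD_HEADER,
    TOY_TOO_LARGE, TOY_TRAILING_DATA, TOY_NO_MEMORY
} toy_status;

static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The size computation as the comment describes it: a 32-bit product that
 * wraps silently. Shown only to expose the mismatch; nothing is allocated. */
uint32_t toy_naive_alloc_size(uint32_t pixels, uint32_t bpp)
{
    return (uint32_t)(pixels * bpp);
}

/* Hardened loader: the header is a claim, the file length is the fact. */
toy_status toy_load(const unsigned char *file, size_t file_len,
                    unsigned char **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (file_len < TOY_HDR_LEN)
        return TOY_TRUNCATED;

    uint32_t pixels = rd_le32(file);
    uint32_t bpp = rd_le32(file + 4);
    if (pixels == 0 || bpp == 0 || bpp > TOY_MAX_BPP)
        return TOY_BAD_HEADER;

    /* Two 32-bit factors cannot overflow a 64-bit product. */
    uint64_t need = (uint64_t)pixels * bpp;
    if (need > TOY_MAX_IMAGE_BYTES)
        return TOY_TOO_LARGE;

    size_t payload = file_len - TOY_HDR_LEN;
    if (payload < need)
        return TOY_TRUNCATED;        /* header promises more than exists */
    if (payload > need)
        return TOY_TRAILING_DATA;    /* more data than the header declares */

    unsigned char *buf = malloc((size_t)need);
    if (buf == NULL)
        return TOY_NO_MEMORY;
    memcpy(buf, file + TOY_HDR_LEN, (size_t)need);  /* exactly `need` bytes */
    *out = buf;
    *out_len = (size_t)need;
    return TOY_OK;
}

/* Builds a constructed sample file in memory and runs the loader on it. */
toy_status toy_check_sample(uint32_t pixels, uint32_t bpp, size_t payload_len)
{
    size_t file_len = TOY_HDR_LEN + payload_len;
    unsigned char *file = malloc(file_len);
    if (file == NULL)
        return TOY_NO_MEMORY;
    for (int i = 0; i < 4; i++) {
        file[i] = (unsigned char)(pixels >> (8 * i));
        file[4 + i] = (unsigned char)(bpp >> (8 * i));
    }
    memset(file + TOY_HDR_LEN, 0xAB, payload_len);   /* filler pixel bytes */

    unsigned char *img;
    size_t img_len;
    toy_status st = toy_load(file, file_len, &img, &img_len);
    free(img);
    free(file);
    return st;
}

int main(void)
{
    printf("naive 32-bit size for 0x40000001 x 4: %u bytes\n",
           (unsigned)toy_naive_alloc_size(0x40000001u, 4));
    printf("honest 2x3 image          -> %d\n", toy_check_sample(2, 3, 6));
    printf("payload larger than claim -> %d\n", toy_check_sample(2, 3, 600));
    printf("wrapping header           -> %d\n",
           toy_check_sample(0x40000001u, 4, 64));
    return 0;
}
```

The wrapping header is the subtle case from the comment: the naive 32-bit product comes out as 4 bytes, while the 64-bit product exceeds the cap and the file is rejected before any allocation.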

Re:Patch is Already Out (0, Redundant)

Jeffv323 (317436) | more than 9 years ago | (#10327769)

The patch for this one is already out. ... and is available :) [microsoft.com]

OK mods, now give me a +5 Informative for my hard work!

Re:Patch is Already Out (1)

Jeffv323 (317436) | more than 9 years ago | (#10327786)

... yep, supposed to be a "here" in there somewhere.. ah damn

Re:Patch is Already Out (1)

toomanyhandles (809578) | more than 9 years ago | (#10327772)

>This is dumb ownership, if this bug becomes prevalent
???
Are you saying that few people who have Office installed, ever open jpegs on their own???

I see this as one of the best ways to involve users in the spread of unwanted payloads.

SP2 is going to take a long time to be applied (it doesn't work well, isn't very secure, and is a HUGE download for non-broadband).
And even if you have SP2, users have to have patched Office as well.
I see this as being a problem for a good long time to come. There are so many things that can be done with it.

What if the patch hurts? (0)

Anonymous Coward | more than 9 years ago | (#10327828)

I can't use SP2. It does really bad things to my 2 XP boxes. ...which both have Office installed.

Until now, I've always conscientiously applied patches and safe practices to my Windows boxes.

Now I'm between a rock and a hard place.

Re:Patch is Already Out (0)

Anonymous Coward | more than 9 years ago | (#10327836)

No objection to the always buggy theory, but right now code is WAY TOO BUGGY. There are entire classes of bugs which can be avoided automatically, without additional programmer time. Yet we still see these bugs every day. Is failure to update really the users' fault when you have to download several megabytes of updates almost every week with a rapidly decreasing warning time of now merely days?

Software needs to become much better before we can point fingers at users who keep using buggy software. For some people computers are tools, not their favorite pastime.

Oh, about SP2: If Microsoft really wanted to help security, they would offer a provably anonymous update solution. I have a legal copy of XP, but I simply do not want my computer to talk to a convicted anti-competitive corporation any more than necessary. Why would MS need any information from me except the list of patches I need? It is my own damn business if I updated my graphics card since I last contacted windowsupdate.

PNG too? (3, Interesting)

cpghost (719344) | more than 9 years ago | (#10327699)

What about the vuln. in the PNG libs? Any exploit in the wild?

Re:PNG too? (5, Informative)

Deviate_X (578495) | more than 9 years ago | (#10327823)

Spammers (5, Interesting)

sleepnmojo (658421) | more than 9 years ago | (#10327700)

The biggest problem here is when spammers use this in their opt out link. This would probably be much more effective than the scrollbar hack they are using now. It just has to render the damn page, and wham you're infected.

Re:Spammers (4, Informative)

don_carnage (145494) | more than 9 years ago | (#10327716)

HTML-formatted email + Outlook = Bad day for Grandma.

Re:Spammers (1)

SenseiLeNoir (699164) | more than 9 years ago | (#10327870)

As i said in an earlier comment.. no need for outlook:

HTML Mail + *ANY* web based email system + Unpatched Internet Exploder = bad day for ALL

I cannot help but grin ... (1, Interesting)

YetAnotherName (168064) | more than 9 years ago | (#10327707)

... when reading stories like this on my desktop computers, one of which is a Linux, the other of which is a Mac OS X ...

Sure, they're not immune from security holes, exploits of various kinds, viruses and what-not ... but I have a strong suspicion that, even if they had as wide a user base as Windows, they'd still be more secure. The level of polish and craftsmanship of open source software (recall OS X's open source roots) can never be duplicated by Microsoft's paranoid and closed-doors efforts.

Re:I cannot help but grin ... (5, Insightful)

Pieroxy (222434) | more than 9 years ago | (#10327748)

but I have a strong suspicion
Everyone is entitled to their own suspicion.

The level of polish and craftsmanship of open source software
As opposed to the level of polish and craftsmanship of Microsoft's products, of which you know nothing. So you are comparing apples to ... well something you just don't know. Good luck for being objective.

Re:I cannot help but grin ... (2, Insightful)

LousyPhreak (550591) | more than 9 years ago | (#10327854)

well... "know nothing" is not really true counting the numerous holes, fixed holes and whatnot, and also the rather long response times for some of them...

yes i know open source software also has numerous bugs, but as its "open" source the flaws are usually much faster found and fixed within hours (if possible)

Re:I cannot help but grin ... (4, Interesting)

YetAnotherName (168064) | more than 9 years ago | (#10327903)

of which you know nothing

As a user of Microsoft products, I witness their lack of stability, their tendency to crash or exhibit bugs, and their uncanny ability of corrupting user data, and so forth. After putting up with them for so long, I know quite a bit about them.

Moreover, I used to be an employee. I worked at the Redmond campus. I know both the quality exhibited on the outside, and the quality that goes into the products on the inside.

I do indeed know something.

The level of polish and craftsmanship of OSS... (0)

Anonymous Coward | more than 9 years ago | (#10327909)

Microsoft themselves have even acknowledged "that commercial quality can be achieved / exceeded by OSS projects." See Halloween I [opensource.org]

Re:I cannot help but grin ... (1)

aug24 (38229) | more than 9 years ago | (#10327911)

the level of polish and craftsmanship of Microsoft's products, of which you know nothing

But we all can, and do, infer that level from... well, the number of security risks, our own knowledge of the open source process etc, cruft....

Ah, no, hang on, looking at your last ten posts, I realise that you're just an argumentative dick. Forget I posted this.

Justin.

Re:I cannot help but grin ... (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10327749)

omg troll.

Re:I cannot help but grin ... (0)

Anonymous Coward | more than 9 years ago | (#10327792)

recall OS X's open source roots

Yeah, it's called "All we can do is make I eyecandy and since we suck so bad at real innovation we'll take advantage of someone else work for free".

But then again that's what you get for using the BSD license.

Re:I cannot help but grin ... (2, Insightful)

IamTheRealMike (537420) | more than 9 years ago | (#10327914)

The level of polish and craftsmanship of open source software

Open source software has plenty of bugs, duh.

In fact, there are similar problems with parsing image files on Linux as well. Except that Windows is actually more secure, because it has auto-updates turned on by default from XP2 onwards, and stack protection type patches built in by default. On Fedora you have execshield, but that hasn't been fully upstreamed yet so only a small subset of Linux users are protected. I don't know of any distros that download and apply security patches with no user intervention out of the box.

(recall OS X's open source roots)

Even if open source software was perfect (which it isn't) large parts of MacOS X are not open source. Most of the important bits aren't, in fact. Surprise surprise, the Mac has had serious URL handler exploits which are like this JPEG problem: arbitrary code execution via a web browser. Except in the case of the Mac URL handler problems it was a design problem not just an unchecked buffer, to do with insecure-by-design features. D'oh. ActiveX all over again.

So, no, I don't trust Apple any more than Microsoft when it comes to security. How can you? They are both proprietary OS companies, with all the issues that implies.

can never be duplicated by Microsoft's paranoid and closed-doors efforts

These days Microsoft have dedicated programs scanning their code looking for suspicious patterns, security testing teams, and give their developers extensive training in how to write secure code. These are advantages not available to open source coders. If anything I'd say they're close to taking the lead in absolute terms for security (by which I mean, assume equal market share for Windows, Linux, Macintosh - which is more secure).

Just looking at it is dangerous... (0, Redundant)

DenDave (700621) | more than 9 years ago | (#10327709)

It was no surprise, we saw it coming only now it is in the wild and again, our corporate infrastructure has to worry about stuff we didn't hire them to worry about. All of this is going to end up figuring in the total cost of operation of any windows based infrastructure. We simply can no longer deny it and the time is coming when people will have to make hard choices. Me, I am a (home) linux user since years so I fear not change. My colleagues and coworkers however see things differently and now, in this day and age of worms, viri, malware and Jpeg of death, their fears grow..

Patch already out (-1, Offtopic)

Jeffv323 (317436) | more than 9 years ago | (#10327710)

Pick your OS and download it here!

Re:Patch already out (3, Informative)

Jeffv323 (317436) | more than 9 years ago | (#10327752)

Pick your OS and download it here!

Of course here, is this place --> here [microsoft.com]

I knew that preview button was good for something

Can someone confirm... (3, Interesting)

Boss, Pointy Haired (537010) | more than 9 years ago | (#10327711)

...because I have not seen this mentioned at all.

Is the JPEG rendering in Firefox running on Windows independent of any underlying MS library and is therefore not affected?

Re:Can someone confirm... (2, Informative)

Soul-Burn666 (574119) | more than 9 years ago | (#10327754)

I can't confirm for 100%, but I can confirm there was a similar exploit for the JPEG rendering system Firefox uses, and it is patched at 1.0PR, and _maybe_ in previous versions.

Re:Can someone confirm... (1)

SenseiLeNoir (699164) | more than 9 years ago | (#10327891)

It was a bug in libPNG (a free implementation library) used for rendering PNGs, and strangely affected IE too (hmmm).

This has definitely been patched by Mozilla in all current releases, and in Netscape 7.2

Re:Can someone confirm... (3, Informative)

darkmeridian (119044) | more than 9 years ago | (#10327778)

...because I have not seen this mentioned at all.


Is the JPEG rendering in Firefox running on Windows independent of any underlying MS library and is therefore not affected?


It is independent of all MS libraries. The recent JPEG vulnerability in Firefox is a separate issue. Firefox is OSS, and thus cannot use closed-source libraries such as the MS one in trouble.

Re:Can someone confirm... (4, Informative)

Sanity (1431) | more than 9 years ago | (#10327814)

The recent JPEG vulnerability in Firefox is a separate issue. Firefox is OSS, and thus cannot use closed-source libraries such as the MS one in trouble.
If that were true, then you wouldn't be able to use OSS on a non-OSS operating system, since eventually the OSS needs to link with non-OSS code.

Re:Can someone confirm... (1)

T-Ranger (10520) | more than 9 years ago | (#10327890)

And, for that matter, closed source does not necessarily mean that you are not allowed to use it. I'm sure there exists at least one library, produced by a money grubbing company, released as binaries only, but you are allowed to use it any way you want.

Re:Can someone confirm... (1)

ceeam (39911) | more than 9 years ago | (#10327880)

Whoever modded as "informative" please burn your mod points and answer me - WHAT'S INFORMATIVE IN THERE? A QUESTION??? Yes, as for the question - what NT kernel version Linux uses? (Mod me up! :)

Re:Can someone confirm... (1)

Jeffv323 (317436) | more than 9 years ago | (#10327900)

Is the JPEG rendering in Firefox running on Windows independent of any underlying MS library and is therefore not affected?

Furthermore... What about Opera? I did a quick scan of their forums and found nothing.

So what? Burn all JPEGs day? (2, Interesting)

Advocadus Diaboli (323784) | more than 9 years ago | (#10327714)

On November 5 1999 we had the "Burn all GIFs" day because of patent issues. Shall we announce a "Burn all JPEGs" day because of Microsoft security issues now and switch all to PNG?

Re:So what? Burn all JPEGs day? (4, Informative)

Ford Prefect (8777) | more than 9 years ago | (#10327742)

Shall we announce a "Burn all JPEGs" day because of Microsoft security issues now and switch all to PNG?

Well, you could, but don't forget the recent bugs in libpng [slashdot.org] ... ;-)

Re:So what? Burn all JPEGs day? (2, Funny)

maxwell demon (590494) | more than 9 years ago | (#10327745)

No, this time it's "Burned by JPEGs" day!

No - Burn IE day... (1)

tiger99 (725715) | more than 9 years ago | (#10327798)

... where we all download IEradicator or the appropriate litepc for our OS, and simultaneously eradicate the trash from our computers.

(www.litepc.com)

Related links? (4, Interesting)

caluml (551744) | more than 9 years ago | (#10327722)

What's all this stuff in the related links?

. Bug whitepapers
. Best deals: Bug
. More Bug stories
. Security whitepapers
. Best deals: Security
. More Security stories
. Windows whitepapers
. Best deals: Windows
. More Windows stories
. Microsoft whitepapers
. Best deals: Microsoft

When did that start happening?

Are you patched? (4, Interesting)

UnderAttack (311872) | more than 9 years ago | (#10327725)

These early POC exploits are covered in today's ISC Diary [sans.org]. Note that now there is a script to generate images to add an Admin level user (username "X").

Not too long until we see a remote shell.

Some people are talking about seeing it used in an MSN Messenger worm.

The hard part about patching this one is that a lot of third party software may overwrite the Windows JPEG GDI library with its own older version :-/

Why so much noise? (2, Insightful)

Cyberax (705495) | more than 9 years ago | (#10327731)

So much noise about an ordinary Windows insecurity...

IMHO, Longhorn with .NET core is the last Microsoft's chance to correct its public image as the 'most insecure software vendor'.

Another question: when will Longhorn be out before Duke Nukem Forever?

Re:Why so much noise? (1)

lphuberdeau (774176) | more than 9 years ago | (#10327775)

Another question: when will Longhorn be out before Duke Nukem Forever?

Actually, they might simply replace Solitare for Duke Nukem Forever when Longhorn releases.

safe sex (5, Funny)

gusmao (712388) | more than 9 years ago | (#10327732)

Does that mean when you watch porn on the Web it is not safe sex anymore? Damn it!!!

Moving pictures... (2, Funny)

cwebb1977 (650175) | more than 9 years ago | (#10327733)

Well, no more JPEG porn for Windows users. Good thing there's more than enough naughty movie stuff out there. But what if Windows Media Player has another security flaw? No more porn at all?

Re:Moving pictures... (1)

0123456 (636235) | more than 9 years ago | (#10327785)

"what if Windows Media Player has another security flaw"

Well, that porn .asf file can be set to automatically open a web page from Media Player which contains a JPEG that takes over your machine...

God knows what moron thought it would be a good idea to let movie files open a web page without even asking you.

OpenBSD (0, Offtopic)

pklinken (773410) | more than 9 years ago | (#10327734)

fixed this one 6 months ago..

Windows 2000 isn't on the list.. (0)

Anonymous Coward | more than 9 years ago | (#10327735)

..hooray! Another good reason to stay away from XP.

patch has been available for a while now (5, Informative)

jeffs72 (711141) | more than 9 years ago | (#10327746)

And it actually works fairly well. It scans for any program that reads these files and makes sure they don't have the bug in them. If it can't patch them, it bugs you about it so you can find a fix for the app. Only Microsoft apps of course, I don't think Adobe wants Microsoft pushing out software updates for them.

Most of the users I have to support aren't savvy enough to add a printer (omg, with active directory it's like 3 mouse clicks) or install software or apply updates (we use some banking software and it notifies you with a text box to click "OK" and then "File, Update" but I still get called on it every time). That's why at our offices we use Microsoft System Update Server (SUS). It lets us approve patches and then roll them out to all the clients in the domain automagically.

I shudder to think what would happen if I tried to roll out firefox or mozilla to everyone. I'd probably get calls that their "e" was missing and they couldn't connect to the internet. I swear, some people just shouldn't be on computers.

I hope MPEG decoding not affected... (1)

Flatline_hun (777281) | more than 9 years ago | (#10327756)

...or else I can't enjoy downloaded ..khm.. educational .. clips at the workplace.

Crashes IE on fully patched XP / SP2 machines (0, Offtopic)

Anonymous Coward | more than 9 years ago | (#10327757)

Have a look before it gets slashdotted: http://sylvana.net/test/AP4.jpg

Re:Crashes IE on fully patched XP / SP2 machines (0)

Anonymous Coward | more than 9 years ago | (#10327915)

This file also crashes IE 5 for Mac OS X.

hmm someone predicted this (5, Insightful)

minus_273 (174041) | more than 9 years ago | (#10327782)

About a year or so back there was a Slashdot story about, I think, McAfee researchers talking about viruses being transmitted over images. Everyone called it stupid market speak from a firm trying to sell more AV products by scaring people with something that is not possible. I think we all need to offer them an apology. I think this is a bizarre parallel to when people used to joke about email viruses way back in the mid 90s. Kind of sad that it is real now. It will be even more so when images are used for exploits too. Though, I suspect those at most risk are those that go to websites looking for lots of images...

Hard to patch (5, Interesting)

Manip (656104) | more than 9 years ago | (#10327788)

This bug exists in most Microsoft Software. So for someone to patch they can't simply connect to Windows Update and consider themselves safe, they also have to patch Office, Visual Studio, some Microsoft Games, Server Software (misc, not covered by Update) and more.

So don't sit there on an SP2 system and consider yourself safe. There is more than likely a whole host of ActiveX controls just waiting to be called and exploited by this bug.

Also note that some applications written in Visual Basic can also be exploited.

Re:Hard to patch (2, Informative)

mikechant (729173) | more than 9 years ago | (#10327857)

Yes, and also note that the not totally clear wording in the MS article might lead (for example) one to think that you are safe in Win98 because MS lists it in the 'Software not affected' list. But IE6 *is* affected even if you are running it on Win98.

how to find it? (2, Insightful)

RosCabezas (610805) | more than 9 years ago | (#10327789)

Is there a tool to process jpg files searching for malicious content?

Re:how to find it? (1)

3rd_Floo (443611) | more than 9 years ago | (#10327865)

oh no! We might be waiting till Longhorn is released if it has to scan my collection!

Oh Oh!! (1)

WindowLicker916 (704800) | more than 9 years ago | (#10327795)

Just imagine all the malicious porn pictures that will be circulating the internet forever. Upside is that there is more free porn ;)

Help Save America (-1, Offtopic)

leon.gandalf (752828) | more than 9 years ago | (#10327837)

The Paul Revere Society Needs You!

The Paul Revere Society 8-Point Program

MEN AND WOMEN PROTECTING AMERICA

1. Support Traditional Marriage

2. Close the Borders now.

3. Deport all illegal immigrants now.

4. Eliminate bilingual education in all states.

5. Require health tests for all recent foreign born immigrants.

6. Make tax cuts permanent.

7. End Affirmative Action

8. Tort Reform - Stop Class Action Lawyers.

http://www.homestead.com/prosites-prs/Membership.html/ [homestead.com]

Sad (1, Funny)

Anonymous Coward | more than 9 years ago | (#10327838)

Everyone knows that you can be infected having sexual intercourse, however, that you now can even be infected by just looking at porn is rather sad I have to say.

Let me get this right... (3, Interesting)

slot32 (815657) | more than 9 years ago | (#10327859)

M$ Release Sp2 for XP. People resist installing cause they hear it can screw things up etc so they delay installing. M$ announce a new flaw with sample code in the wild, show how every O/S they have (practically) is susceptible EXCEPT XpSp2. ...? Funny order of events no?

THIS HAS NOT BEEN FIXED, url inside (5, Interesting)

Anonymous Coward | more than 9 years ago | (#10327905)

http://sylvana.net/test/AP4.jpg

will crash IE on an updated xp sp2 system.