Jpeg Of Death.c v0.5
p2pnet.net News:- You knew it was coming. And now it’s here – the latest evil spurred by the latest Microsoft security hole.
It’s called the JpegOfDeath.c v0.5, but jpg isn’t all it threatens.
“[...] for the people out there who think you can only be affected through viewing or downloading a jpeg attachment.. you’re dead wrong,” says K-OTIC’s John Bissell aka HighT1mes.
“All the attacker has to do is simply change image extension from .jpg to .bmp or .tif or whatever and stupid Windows will still treat the file as a JPEG :-p…”
On September 15, Microsoft issued a red alert warning of a ‘critical’ security flaw in its jpg processing technology that centres on software supporting the JPEG (.jpg) format, including some versions of Microsoft Windows, Microsoft Office, and Microsoft developer tools.
After that, it was only a question of time.
On September 17, “A proof-of-concept exploit which executes code on the victim’s computer when opening a JPG file has been posted to a public website,” said F-Secure. “That exploit was only crashing Internet Explorer.
“On September 24th there appeared a constructor that could produce JPG files with the MS04-028 exploit. This time the exploit executed a code that could download and run a file from Internet. However, the JPG file with the exploit has to be previewed locally for the exploit to get activated, viewing a JPG file from a remote host does not activate the exploit.
“We are expecting that more exploit techniques will be created by hacker groups. And there is a chance that someone will create a universal exploit that would work when viewing an image locally and on a remote host.”
K-OTIC describes it as a Windows JPEG GDI+ Heap Overflow Remote Exploit (MS04-028) and says it was released on September 23.
Bissell says it’s an exploit, “based on FoToZ exploit but kicks the exploit up a notch by making it have reverse connectback as well as bind features that will work with all NT based OS’s. WinNT, WinXP, Win2K, Win2003, etc… “
Nor, it seems, do victims have to click a link to be nailed.
“For instance,” says Bissell, “you send them the image with a 1,1 width,height and then they can’t see it in Outlook Express, so there like man this image has a cool name so I’ll try to open the attachment, then ……”
Given the nature of its host, the JpegOfDeath.c v0.5 could be one of – if not THE – worst virus yet.
Thanks, Microsoft. Again.
Software affected includes:
- Windows XP
- Windows XP Service Pack 1 (SP1)
- Windows Server 2003
- Internet Explorer 6 SP1
- Office XP SP3
- Note Office XP SP3 includes Word 2002, Excel 2002, Outlook 2002, PowerPoint 2002, FrontPage 2002, and Publisher 2002.
- Office 2003
- Note Office 2003 includes Word 2003, Excel 2003, Outlook 2003, PowerPoint 2003, FrontPage 2003, Publisher 2003, InfoPath 2003, and OneNote 2003.
- Digital Image Pro 7.0
- Digital Image Pro 9
- Digital Image Suite 9
- Greetings 2002
- Picture It! 2002 (all versions)
- Picture It! 7.0 (all versions)
- Picture It! 9 (all versions, including Picture It! Library)
- Producer for PowerPoint (all versions)
- Project 2002 SP1 (all versions)
- Project 2003 (all versions)
- Visio 2002 SP2 (all versions)
- Visio 2003 (all versions)
- Visual Studio .NET 2002
- Note Visual Studio .NET 2002 includes Visual Basic .NET Standard 2002, Visual C# .NET Standard 2002, and Visual C++ .NET Standard 2002.
- Visual Studio .NET 2003
- Note Visual Studio .NET 2003 includes Visual Basic .NET Standard 2003, Visual C# .NET Standard 2003, Visual C++ .NET Standard 2003, and Visual J# .NET Standard 2003.
- .NET Framework 1.0 SP2
- .NET Framework 1.0 SDK SP2
- .NET Framework 1.1
- Platform SDK Redistributable: GDI+
Go here for a patch.
==================
See:-
HighT1mes – Windows JPEG GDI+ Heap Overflow Remote Exploit (MS04-028)
‘critical’ security flaw – Microsoft JPEG Red Alert, p2pnet, September 15, 2004
proof-of-concept – JPG Vulnerability Exploit, F-Secure
September 28th, 2004 at 2:45 pm
http://www.easynews.com/virus.html
Morg
September 28th, 2004 at 2:53 pm
http://www.mozilla.org
Save yourself.
November 19th, 2004 at 10:27 am
I wrote a small program to test if your system is vulnerable, then if it is, it leads you through patching the vulnerability. It’s an SFX with a batch file and an “infected” JPG included in it. The SFX automatically launches the batch file, which in turn displays the exploited JPG. If it successfully exploits the system, it downloads another batch file which leads you through patching your system.
I promise it’s completely harmless (besides crashing Explorer which will come right back automatically). It warns you before it’s about to attempt to exploit the system, reminding you to save any open documents.
It can be found here:
– http://www.guidoz.com/exploit-test.exe
More information on it can be seen from a multitude of lists where I originally posted it. Here is one from the SecurityFocus “Vulnerability Watch” mailing list:
– http://cert.uni-stuttgart.de/archive/vulnwatch/2004/10/msg00005.html
–
Peace. ~G
December 14th, 2008 at 10:46 pm
Crashing Explorer………………..SUCK!!
Why don’t u use lovely Faronic Deep Freeze…………….NOT THE CRACKED!!