Exploit posted for Microsoft JPEG flaw

Dom · Sep 22, 2004, 02:33 PM

Computer code that takes advantage of a flaw in the way many Microsoft Corp. applications process JPEG images has been published on the Internet and could be a precursor to actual attacks on vulnerable PCs, experts said.

The code was published late last week, only days after Microsoft on Tuesday revealed the "critical" vulnerability and made available patches to fix the problem. Any application that processes JPEG images could be vulnerable. A wide range of Microsoft software, including versions of its Windows and Office products, are vulnerable.

So far only "proof-of-concept" code has been published, which can cause a vulnerable Web browser to crash or a PC to freeze. A fully developed exploit would allow an attacker to take control of a victim's computer by remotely opening a command prompt or downloading and running malicious software, one expert said Tuesday.

"Typically a proof of concept is a first step towards a full blown exploit," said Johannes Ullrich, chief technology officer at The SANS Institute's Internet Storm Center. "It is an indication that people are playing with it and experimenting to try and get it to work for other purposes, typically to open a remote shell or download and execute code."

Microsoft is aware of the exploit code and is investigating the matter, a company spokeswoman said. "Microsoft’s early investigation of this code indicates that it can cause a computer that does not have (the patches) installed to stop responding, but it does not execute code remotely," she said.

[Read More]

______________________
Source: InfoWorld

Sep 22, 2004, 02:33 PM	#1
Dom DriverHeaven Extreme Member Join Date: Jun 2002 Posts: 12,940 Rep Power: 0	Exploit posted for Microsoft JPEG flaw Computer code that takes advantage of a flaw in the way many Microsoft Corp. applications process JPEG images has been published on the Internet and could be a precursor to actual attacks on vulnerable PCs, experts said. The code was published late last week, only days after Microsoft on Tuesday revealed the "critical" vulnerability and made available patches to fix the problem. Any application that processes JPEG images could be vulnerable. A wide range of Microsoft software, including versions of its Windows and Office products, are vulnerable. So far only "proof-of-concept" code has been published, which can cause a vulnerable Web browser to crash or a PC to freeze. A fully developed exploit would allow an attacker to take control of a victim's computer by remotely opening a command prompt or downloading and running malicious software, one expert said Tuesday. "Typically a proof of concept is a first step towards a full blown exploit," said Johannes Ullrich, chief technology officer at The SANS Institute's Internet Storm Center. "It is an indication that people are playing with it and experimenting to try and get it to work for other purposes, typically to open a remote shell or download and execute code." Microsoft is aware of the exploit code and is investigating the matter, a company spokeswoman said. "Microsoft’s early investigation of this code indicates that it can cause a computer that does not have (the patches) installed to stop responding, but it does not execute code remotely," she said. [Read More] ______________________ Source: InfoWorld