Mollox
Posted September 30, 2004

BBC News story

I’m interested to know what “series of steps” make it less likely for people to be affected by this threat. Surely if it's embedded in a jpeg then if it were on a website, people's browsers will be reading those pages without giving them a choice – as one would expect…

bazza_g
Posted September 30, 2004

that doesn't sound good does it ! Come to think of it I was using hotmail to send some pics yesterday and when I attached one of them it (hotmail) rejected it saying the attachment contained a virus ! When I tried again, it allowed the attachment to attach - hope it's not connected with this story

cerbera
Posted September 30, 2004

[ QUOTE ]
that doesn't sound good does it ! Come to think of it I was using hotmail to send some pics yesterday and when I attached one of them it (hotmail) rejected it saying the attachment contained a virus ! When I tried again, it allowed the attachment to attach - hope it's not connected with this story
[/ QUOTE ]

Bazza + hotmail = disaster+comedy.........eh Bazza ?

scooby_simon
Posted September 30, 2004

[ QUOTE ]
Once in place, the code then tells an infected machine to contact a server on the web to download another program that lets it be taken over remotely by an attacker.
[/ QUOTE ]

But if you have your firewall (assuming you have one) set up to control access to the web by programs, surely it will fail at this stage with a 'prog xyz not allowed to access the internet' type error

Chris_B
Posted September 30, 2004

[ QUOTE ]
But if you have your firewall (assuming you have one) set up to control access to the web by programs, surely it will fail at this stage with a 'prog xyz not allowed to access the internet' type error
[/ QUOTE ]

Not necessarily - IIRC, the flaw is a classic buffer overrun situation with JPEG handling in GDI+ code. The code executed is run within the process space of the vulnerable application, so you've already told ZoneAlarm (or whatever) that iexplore.exe can access the Internet. If the downloaded file was a standalone executable, it would then be blocked unless the user allowed it when prompted, unless it was downloaded as a browser helper object, then it would again be running in the iexplore.exe process space.

bazza_g
Posted September 30, 2004

[ QUOTE ]
Bazza + hotmail = disaster+comedy.........eh Bazza ?
[/ QUOTE ]

don't know what you're talking about

scooby_simon
Posted September 30, 2004

[ QUOTE ]
[ QUOTE ]
But if you have your firewall (assuming you have one) set up to control access to the web by programs, surely it will fail at this stage with a 'prog xyz not allowed to access the internet' type error
[/ QUOTE ]

Not necessarily - IIRC, the flaw is a classic buffer overrun situation with JPEG handling in GDI+ code. The code executed is run within the process space of the vulnerable application, so you've already told ZoneAlarm (or whatever) that iexplore.exe can access the Internet. If the downloaded file was a standalone executable, it would then be blocked unless the user allowed it when prompted, unless it was downloaded as a browser helper object, then it would again be running in the iexplore.exe process space.
[/ QUOTE ]

if you say so.... eek

So we now have to stop looking at pron ?

Chris_B
Posted September 30, 2004

[ QUOTE ]
if you say so.... eek

So we now have to stop looking at pron ?
[/ QUOTE ]

Not if you get the update and run the GDI+ vulnerability check tool (should run automatically after you download and install the update).

http://www.microsoft.com/security/bulletins/200409_jpeg.mspx

scooby_simon
Posted September 30, 2004

[ QUOTE ]
[ QUOTE ]
if you say so.... eek

So we now have to stop looking at pron ?
[/ QUOTE ]

Not if you get the update and run the GDI+ vulnerability check tool (should run automatically after you download and install the update).

http://www.microsoft.com/security/bulletins/200409_jpeg.mspx
[/ QUOTE ]

shall investigate the GDI+ tool tonight

scooby_simon
Posted September 30, 2004

From www.microsoft.com/security/bulletins/200409_jpeg.mspx

[ QUOTE ]
The GDI+ security update for September 2004 addresses newly discovered issues in JPEG processing technology. This issue affects software that supports this image format, including some versions of Microsoft Windows, Microsoft Office, and Microsoft developer tools. If you have any of the listed software installed on your computer, you should install the related update. Depending on the software you are using, you may need to install multiple updates from multiple locations.

Important: Windows XP Service Pack 2 (SP2) is not affected by the GDI+ issue, and installing Windows XP SP2 eliminates the GDI+ issue in affected Microsoft developer tools and imaging software. However, Windows XP SP2 users may have other Microsoft software installed that requires updating. If you use Windows XP SP2 and Microsoft Office, please visit the Office Update Web site to scan your computer for needed updates.
[/ QUOTE ]