Sunday, September 26, 2004

JPG Processing (GDI+) Bug In the Wild

"Hacktool.JPEGDownload is a program that can be used to generate .jpg files that exploit the Microsoft GDI+ Library JPEG Segment Length Integer Underflow vulnerability (described in the Microsoft Security Bulletin MS04-028). The .jpg files that this Trojan generates can download a URL hardcoded in the .jpg file, and are detected by Symantec products as Download.Trojan."

"Although there are no known uses in any current malware other than this proof-of-concept program, once an exploit has been used as a proof-of-concept, it typically is not long before it is in the field, so patch up."

VERY Scary... As I think I've said, this GDIPlus/JPEG issue could get big and really scary. Just a matter of time.

It can be a pain to find all the different DLLs that are vulnerable and then to get them all fixed. MS HAS to do something to make this easier to fix. Their current solution is just not acceptable. A single patch utility needs to be made available now... I need something my parents can run...

Viruses get bad enough when a user has to click to activate. Now all they need to do is view a web page and they could be infected. Or open a Word doc, open a Visio diagram, open a Crystal Report (all of which on my system had GDIPlus.DLL or MSO.DLLs that needed to be patched).

Scary...
