[Windows] JPEG exploit toolkit spotted online

toolkit designed to exploit a recently-disclosed Microsoft JPEG vulnerability has been released onto the net. The toolkit (screen shot from AV firm F-Secure here) makes it trivially easy for maliciously-minded attackers, however unskilled they might be, to exploit unpatched Windows systems and run malicious code.

The attack mechanism used here takes advantage of a recently discovered flaw in the way Microsoft applications process JPEG image files. Malformed JPEG files are capable of triggering a buffer overflow in a common Windows component (the GDI+ image viewing library), it was revealed last week. This behaviour creates a ready mechanism to inject exploit code into vulnerable systems. Windows XP and Windows Server 2003 make use of vulnerable library by default. Other Windows OSes might be vulnerable, depending on what applications users have installed.

Microsoft, which unsurprisingly rates the vulnerability as critical, released a patch to defend against the flaw on 14 September. To be at risk, users have to open a JPEG file modified to trigger the flaw using either IE or Outlook. They also need to be unpatched. Unfortunately there's plenty of scope for both conditions to be met and the gene pool of potential victims is huge.

The problem is exacerbated by the fact JPEG files are typically viewed "as a benign and trusted file format... as such it is possible to cause image files to be viewed with minimal user-interaction through several applications including many email clients such as Outlook and Outlook Express," Security tools vendor ISS notes. "There is also potential for automatic exploitation in the form of a network-propagating worm."

...
http://www.theregister.co.uk/2004/09/24/jpeg_exploit_toolkit/

Also there is another JPEG Exploit around, not patched by MS yet. The other one (null pointer dreference) has no known security risks, but can be used to crash a Windows PC - even with all patches installed.

(meaning, those who make code intentionally to destroy computers, as opposed to the malicious code writers at MS who make code intentionally to be shitty so they can sell upgrades) would have their nuts ripped off, and then use their intelligence and skills for the cause of good.

if you are using either the latest version of the Mozilla Browser Suite or the Mozilla Firefox standalone browser you should know that they are not succeptible to this attack.

If you aren't... well, why not?


http://browsehappy.com


http://www.mozilla.org

The exploit does not reside in the ie, but in an OS library.
So any unpatched application using the MS picture library is vulnerable. This includes office, the windows explorer,...

Mozilla does indeed use another Picture Library: the "libpr0n" porn rendering library (honestly!).