The game is on...

I just got notice that the JPEG/GDI+ exploit that I talked about a few posts back has appeared on usenet, more specifically on some adult newsgroups such as alt.binaries.multimedia.erotica.transsexuals, a*.b*.pictures.erotica.transexual, a*.b*.p*.e*.transexual.action, a*.b*.p*.e*.transsexual, a.b.erotica.beanie-babies, a*.b*.e*.breasts, a*.b*.e*.christy-canyon, a*.b*.e*.fetish, a*.b*.e*.original.sin and alt.binaries.erotica.pornstar.

There is no reason to believe that attempts to use the exploit will remain limited to these newsgroups. Apart from that, the exploited JPEG file can (and probably will) be renamed to, for instance, .bmp or .gif without affecting its usability. In other words, when you receive or download an exploited JPG that has been renamed to .bmp, Windows (and the vulnerable GDI+ DLL) will still treat the file as a JPG, with potentially devastating results.
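As an added example (not part of the original post), this Python check identifies image files by their leading bytes instead of their extension, which is how a JPEG renamed to .bmp or .gif still ends up handled as a JPEG. The function names, signature table and sample files are constructed for illustration.

```python
import os
import pathlib
import tempfile

# Leading "magic" bytes of common image formats ("BM" is short, so treat bmp hits loosely).
SIGNATURES = [("jpeg", b"\xff\xd8\xff"), ("gif", b"GIF87a"), ("gif", b"GIF89a"),
              ("bmp", b"BM"), ("png", b"\x89PNG\r\n\x1a\n")]
# The format each file extension claims to be.
EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".jpe": "jpeg",
              ".gif": "gif", ".bmp": "bmp", ".png": "png"}

def sniff_format(header: bytes):
    """Return the format implied by the leading bytes, or None if unrecognised."""
    for name, magic in SIGNATURES:
        if header.startswith(magic):
            return name
    return None

def classify(path: str) -> str:
    """Compare what the extension claims with what the content actually is."""
    claimed = EXTENSIONS.get(os.path.splitext(path)[1].lower())
    with open(path, "rb") as fh:
        actual = sniff_format(fh.read(16))
    if actual is None:
        return "unknown"
    if actual == claimed:
        return "ok"
    # JPEG content under any other name is the case described in the post.
    return "disguised-jpeg" if actual == "jpeg" else "mismatch"

def scan_tree(root: str) -> dict:
    """Walk a directory and return {path: verdict} for files whose name hides their type."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict in ("disguised-jpeg", "mismatch"):
                findings[full] = verdict
    return findings

def demo() -> dict:
    """Scan constructed sample files (headers only, not real images)."""
    jpeg, bmp = b"\xff\xd8\xff\xe0" + b"\0" * 12, b"BM" + b"\0" * 14
    samples = {"photo.jpg": jpeg, "renamed.bmp": jpeg, "real.bmp": bmp, "logo.gif": bmp}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            pathlib.Path(tmp, name).write_bytes(data)
        return {os.path.basename(p): v for p, v in scan_tree(tmp).items()}

if __name__ == "__main__":
    print(demo())
```

Files flagged as `disguised-jpeg` are the ones a scanner that skips non-.jpg extensions would miss.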

Please make sure your virus scanner is up to date and includes images in its scans, install SP2 if you're running Windows XP and haven't done so yet, and patch all Office programs through Office Update. Putting Outlook and Outlook Express in plain text mode won't hurt either, as it will prevent (infected?) images from being loaded from the internet without your intervention.

More info on the current events can be found here: JPEG/GDI+ Exploit appears on Easynews (plain text file).


About this Entry

This page contains a single entry by ServMe published on September 28, 2004 2:49 AM.
