Re: incredible

From: John Larkin (jjlarkin_at_highSNIPlandTHIStechPLEASEnology.com)
Date: 09/15/04


Date: Wed, 15 Sep 2004 14:59:52 -0700

On Thu, 16 Sep 2004 07:41:27 +1000, "Adam. Seychell"
<invald@invalid.com> wrote:

>Dirk Bruere at Neopax wrote:
>
>> John Larkin wrote:
>>
>>> http://www.securityfocus.com/news/9508
>>>
>>
>> "The old bromide that promises you can't get a computer virus by looking
>> at an image file crumbled a bit further Tuesday when Microsoft announced
>> a critical vulnerability in its software's handling of the ubiquitous
>> JPEG graphics format.
>>
>> The security hole is a buffer overflow that potentially allows an
>> attacker to craft a special JPEG file that would take control of a
>> victim's machine when the user views it through Internet Explorer,
>> Outlook, Word, and other programs. The poisoned picture could be
>> displayed on a website, sent in e-mail, or circulated on a P2P network."
>>
>> Utter incompetence - it really is unbelievable.
>>
>
>I'd like to know the relationship between the buffer overflows and how
>it's possible to exploit this bug to create malicious code. Is there
>some function in the Microsoft image decoding routines that says if a
>buffer overflow then execute an undocumented and secret language format
>embedded inside JPEG files ? !!!
>
>Can someone please explain what possible link exists between buffer
>overflows and computer viruses ? A buffer overflow is nothing more than
> a pointer going outside its intended range.
>Has anyone seen proof of this vulnerability yet ?
>
>Adam
>

It's been done many times. Far too many times.

Just google "buffer overflow." Or maybe "Microsoft stupidity."

John
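
Added example, not part of the original thread: a bounds-checked copy of one JPEG marker segment, showing the checks an image decoder needs before it trusts a length field read from the file. The function name, status codes, buffer size and sample bytes are all constructed for illustration and are not taken from any Microsoft code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define COMMENT_MAX 64  /* hypothetical fixed-size destination buffer */

/* Status codes (hypothetical names for this example). */
enum seg_status { SEG_OK = 0, SEG_TRUNCATED, SEG_BAD_LENGTH, SEG_TOO_LARGE };

/* Constructed sample segments (0xFF 0xFE is the JPEG comment marker). */
static const uint8_t SAMPLE_OK[]   = {0xFF, 0xFE, 0x00, 0x05, 'a', 'b', 'c'};
static const uint8_t SAMPLE_ZERO[] = {0xFF, 0xFE, 0x00, 0x00, 'a', 'b', 'c'};
static const uint8_t SAMPLE_LONG[] = {0xFF, 0xFE, 0x01, 0x00, 'a', 'b', 'c'};

/*
 * Copy the payload of one JPEG marker segment into out[COMMENT_MAX].
 * seg points at the 2-byte marker; avail is how many bytes of file data
 * remain from that point. The 16-bit big-endian length after the marker
 * counts its own two bytes, so payload = length - 2.
 */
enum seg_status copy_segment_payload(const uint8_t *seg, size_t avail,
                                     uint8_t out[COMMENT_MAX], size_t *out_len)
{
    if (avail < 4)
        return SEG_TRUNCATED;        /* no room for marker + length */

    size_t length = ((size_t)seg[2] << 8) | seg[3];

    /* A length of 0 or 1 would make (length - 2) wrap to a huge size_t. */
    if (length < 2)
        return SEG_BAD_LENGTH;

    size_t payload = length - 2;

    /* The declared payload must lie inside the data actually present. */
    if (payload > avail - 4)
        return SEG_TRUNCATED;

    /* And it must fit the destination, whatever the file claims. */
    if (payload > COMMENT_MAX)
        return SEG_TOO_LARGE;

    memcpy(out, seg + 4, payload);
    *out_len = payload;
    return SEG_OK;
}
```

A decoder that skips any of the three checks lets bytes from the file decide how much memory gets written, which is why a data-only format like an image can still corrupt the program that opens it.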


