IPB

Welcome Guest ( Log In | Register )

 
 Reply to this topicStart new topicStart Poll

Outline · [ Standard ] · Linear+

> JPEG buffer overrun, vulnerability

Track this topic | Email this topic | Print this topic
PimpScourge
post Sep 15 2004, 09:28 PM
Post #1
QB Challenge Champion! Sink Ya Drink Champion!

Broken As Designed
*****

Group: Admin
Posts: 529
Joined: 17-March 04
Member No.: 2
QUOTE
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section.

If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.


apply patch if needed. :S
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
forbin
post Sep 15 2004, 11:59 PM
Post #2


nFm [ progressor ]
**

Group: Private Member
Posts: 141
Joined: 22-March 04
Member No.: 55
Read about that one today .. But from what I read, the vulnerability is within JPEG processing .. MS is only fixing their pice of the pie, but many products and OS's are involved here. I also understand that MS has a scanner that you can DL that will inform you of all the products that you have installed that would also need patching.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
lokal
post Sep 16 2004, 12:19 AM
Post #3


nFm [ progressor ]
**

Group: Full Member
Posts: 86
Joined: 11-August 04
Member No.: 142
On a related note...

QUOTE
"An advisory has been issued on several buffer overflow exploits in the Mozilla and Thunderbird code. Coincidentally, one of the exploits takes advantage of a unchecked buffer in the bitmap parser, very similar to recent Microsoft JPEG vulnerability. The good news is that if you have an updated version (Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8) you won't be affected."


--------------------
user posted image
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
« Next Oldest · Public News · Next Newest »
 

Reply to this topicTopic OptionsStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
 

Lo-Fi Version Time is now: 1st July 2025 - 10:59 PM
Powered by Invision Power Board(Trial) v2.0.0 © 2025  IPS, Inc.