Help - Search - Member List - Calendar
Full Version: JPEG buffer overrun
nForums.net > Information & Services > Public News
PimpScourge
Sep 15 2004, 09:28 PM
QUOTE
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section.

If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.


apply patch if needed. :S
forbin
Sep 15 2004, 11:59 PM
Read about that one today .. But from what I read, the vulnerability is within JPEG processing .. MS is only fixing their pice of the pie, but many products and OS's are involved here. I also understand that MS has a scanner that you can DL that will inform you of all the products that you have installed that would also need patching.
lokal
Sep 16 2004, 12:19 AM
On a related note...

QUOTE
"An advisory has been issued on several buffer overflow exploits in the Mozilla and Thunderbird code. Coincidentally, one of the exploits takes advantage of a unchecked buffer in the bitmap parser, very similar to recent Microsoft JPEG vulnerability. The good news is that if you have an updated version (Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8) you won't be affected."
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2025 Invision Power Services, Inc.