-
October 16th, 2004, 09:08 PM
#1
More JPEG vulnerabilities...
OK, there are a TON of unexplored vulnerabilities in the JPEG DLL being revealed. Most of them (all of them?) require you only to view a web page in IE. I've got in front of me, a paper revealing a new DOS attack that possibly affects all versions of Windows from Windows 95/NT to Windows XP SP2. Stop using IE, folks and treat JPEGs with a bit of suspicion. Those who get Bugtraq, look at John Bissell's post dated October 14th.
Cheers,
cgkanchi
-
October 16th, 2004, 09:32 PM
#2
If the extent so far is DoS, (reboot the box), this is not really as much of a major issue it was touted to be, (I'm actually surprised that a remote code execution issue hasn't raised it's head yet which implies that this is much more difficult to exploit than the pundits first told us).
In a (L)user world they get to reboot the box.... ooops.... 3 minutes downtime.... In a server world if you are surfing the web on a production server then you probably should be removed instantly from the admin world and placed firmly in the (L)user world for life....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
October 16th, 2004, 09:35 PM
#3
Obviously if the DoS causes a crash, it's only going to take down the app that tries to read the dodgy jpg.
But if that's your mail program, and the message breaking it is sat in the inbox, it could be nasty
Slarty
-
October 16th, 2004, 09:40 PM
#4
Slarty: PITA? Yes.... far from the end of the world though.....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|