Thread: More JPEG vulnerabilities...

  1. #1
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165

    More JPEG vulnerabilities...

    OK, there are a TON of unexplored vulnerabilities in the JPEG DLL being revealed. Most of them (all of them?) require you only to view a web page in IE. I've got in front of me a paper revealing a new DoS attack that possibly affects all versions of Windows from Windows 95/NT to Windows XP SP2. Stop using IE, folks, and treat JPEGs with a bit of suspicion. Those who get Bugtraq, look at John Bissell's post dated October 14th.

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If the extent so far is DoS (reboot the box), this is not really as much of a major issue as it was touted to be (I'm actually surprised that a remote code execution issue hasn't raised its head yet, which implies that this is much more difficult to exploit than the pundits first told us).

    In a (L)user world they get to reboot the box.... ooops.... 3 minutes downtime.... In a server world if you are surfing the web on a production server then you probably should be removed instantly from the admin world and placed firmly in the (L)user world for life....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Obviously if the DoS causes a crash, it's only going to take down the app that tries to read the dodgy jpg.

    But if that's your mail program, and the message breaking it is sat in the inbox, it could be nasty.

    Slarty

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Slarty: PITA? Yes.... far from the end of the world though.....
