July 22nd, 2003, 04:13 AM
#1
MSN buffer overflow or DoS?
I was searching around for SOCKS5 servers originally when I came across this:
http://neworder.box.sk/explread.php?newsid=8689
Now, whoever wrote this I don't feel wrote it well, and I'm sure most of you know the theory behind a buffer overflow, but for those of you that don't I will be so kind as to get you up to speed real quick so that you might be able to follow along better. A buffer overflow occurs when a program or process tries to store more data in a buffer than it was intended to hold. Since buffers are usually meant to contain a finite amount of data, the extra info goes into adjacent buffers, corrupting them or overwriting them (hence a stack based buffer overflow, when an attacker sends a set of instructions to the victim's computer to be executed in hopes of at a minimum obtaining a terminal window to execute further commands on to escalate privs).
So, with that out of the way I began to ask myself some questions after reading this article. Such as what kind of threat does this exploit serve? Under what circumstances would this exploit work? (I.e. what versions would be affected, would any other MS services have to be running, what versions of Windows, etc, etc.) And last, is this really a buffer overflow or a DoS? I ask myself this because I am failing to see at what point this would gain an attacker any kind of the usual objects of desire like I mentioned before, a command line. Also, I fail to see how such instructions that are crafted in packets in a typical buffer overflow exploit could be inserted into a picture. It is because of these questions that I am unsure whether this is actually a buffer overflow or a DoS, and I say DoS because one line of this article stood out to me:
now you have "uncompleted picture", to cause a buffer overflow send it to your friend several times (depend on the size of the picture) and it will cause a buffer overflow.
This statement sounds more like a DoS to me than a buffer overflow, but either way, this sounds to be a very very easily executed exploit, and if it works under a wide variety of circumstances it could possibly be dangerous just due to the fact that it is a very simple exploit. I plan on looking more into this to see if it's just a bunch of BS or possibly a threat, and if so then I would like to find ways of prevention. What are you guys thinking about all this?
Don't be a bitch! Use Slackware.
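On the prevention question raised in the post, here is an added example (not from the post, the linked article, or any MSN Messenger code) of a receiver for chunked picture transfers that guards against both outcomes being debated: a bounds check before every copy so an oversized chunk cannot overflow the buffer, and a cap on unfinished transfers so repeated incomplete pictures cannot exhaust memory. All names, the chunked transfer model and the two limits are hypothetical assumptions; the actual flaw behind the article is not known from this page.

```c
#include <stddef.h>
#include <string.h>

#define MAX_IMAGE   4096  /* assumed upper bound on one picture, in bytes */
#define MAX_PENDING 4     /* assumed cap on unfinished transfers per peer */

enum rx_result { RX_OK, RX_DONE, RX_TOO_BIG, RX_TOO_MANY, RX_BAD_ARG };

struct transfer {
    int in_use;
    size_t declared, received;       /* invariant: received <= declared <= MAX_IMAGE */
    unsigned char buf[MAX_IMAGE];
};
struct peer { struct transfer slots[MAX_PENDING]; };

/* Start a transfer: reject oversized declarations and cap unfinished ones. */
enum rx_result rx_begin(struct peer *p, size_t declared, struct transfer **out) {
    if (!p || !out) return RX_BAD_ARG;
    if (declared == 0 || declared > MAX_IMAGE) return RX_TOO_BIG;
    for (int i = 0; i < MAX_PENDING; i++) {
        if (!p->slots[i].in_use) {
            struct transfer *t = &p->slots[i];
            t->in_use = 1; t->declared = declared; t->received = 0;
            *out = t;
            return RX_OK;
        }
    }
    return RX_TOO_MANY;  /* repeated incomplete sends stop here, not at out-of-memory */
}

/* Append a chunk: the length is checked against the remaining space before the copy. */
enum rx_result rx_chunk(struct transfer *t, const unsigned char *data, size_t len) {
    if (!t || !t->in_use || !data) return RX_BAD_ARG;
    if (len > t->declared - t->received) {  /* subtraction cannot wrap (see invariant) */
        t->in_use = 0;                      /* drop the transfer and free the slot */
        return RX_TOO_BIG;
    }
    memcpy(t->buf + t->received, data, len);
    t->received += len;
    if (t->received == t->declared) { t->in_use = 0; return RX_DONE; }  /* caller consumes buf now */
    return RX_OK;
}
```

A real receiver would also expire slots that stay unfinished past a timeout, so a peer that stalls four transfers does not block its own later ones indefinitely.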