Slashdot Mirror


Flaw in Microsoft JPEG Parsing

KDan writes "As reported by numerous sources, a new vulnerability has been disclosed (and patched) by Microsoft. This one concerns the parsing of JPEGs in XP Microsoft applications. A buffer overflow can be used to execute arbitrary code. So all those times you told your parents/friends that looking at images was safe - well, not anymore."

26 of 555 comments (clear)

  1. If you think looking at images is safe... by apanap · · Score: 5, Funny

    ...you obviously never saw goatse...

    --
    Give me a job. Please?
    1. Re:If you think looking at images is safe... by savagedome · · Score: 5, Funny

      Well, let me try to phrase it as precisely as I can. "It's something that makes a man out of a boy, instantly".

    2. Re:If you think looking at images is safe... by Anonymous Coward · · Score: 5, Funny

      See this month's issue of Time.

    3. Re:If you think looking at images is safe... by lateralus_1024 · · Score: 5, Funny

      1) Think of Goatse as a "portal".
      2) Goatse is a high bandwidth information highway in itself.
      3) Goatse can be a hiding place.
      4) Goatse tests the limits of humanity.
      I ran out of ideas, AC's of the world please fill in the rest...

      --
      If you think /. comments are bad, check out Digg.
    4. Re:If you think looking at images is safe... by ScrewMaster · · Score: 3, Funny

      Yes, and that man will require immediate hospitalization and long-term psychotherapy.

      --
      The higher the technology, the sharper that two-edged sword.
  2. Re:Why? by Anonymous Coward · · Score: 5, Funny

    because any lawyer that has a chance of winning already works for microsoft

  3. i knew it! by Coneasfast · · Score: 5, Funny

    and i was always telling everyone from the start, download your porn in png format.

    --
    Marge, get me your address book, 4 beers, and my conversation hat.
  4. Personal attack... by chill · · Score: 5, Funny

    I've been telling people for years "no, you can't get a virus from things like a JPEG picture. You're fine."

    Now this. Considering how many bugs are reported in all version of MS software, it is entirely possible that there are PERSONAL bugs. "This one is for Charles. Let's fuck with him."

    Sigh...

    -Charles

    --
    Learning HOW to think is more important than learning WHAT to think.
  5. WARNING - useless buzzword alert!!!! by Anonymous Coward · · Score: 5, Funny

    The parent post has been flagged for violation of the "Anti Buzzword Use Act". Specific violation: use of the phrase "attack vector". Sanction: exile from use of any computer, writing utensil or paint brush for 10 years.

  6. Microsoft should give up on IE by blcamp · · Score: 5, Funny


    They should forget about Internet Explorer and try thier hand on a different line of sofware... ...like, say, e-voting.

    --
    The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
  7. Thank god for ASCII pr0n! by shawnce · · Score: 5, Funny

    Don't worry folks you can still get your pr0n with out getting a social dease...

    www.asciipr0n.com

  8. Pr0n by MastaBaba · · Score: 3, Funny

    Who said looking at Pr0n was safe?

  9. Aw, c'mon AC, RE: useless buzzword alert!!!! by flinxmeister · · Score: 4, Funny

    The parent post has been flagged for violation of the "Anti Buzzword Use Act". Specific violation: use of the phrase "attack vector".

    You're right, I should have said "Airpwn could leverage the synergies of this vulnerability and streamline the deployment...with or without interactive buy-in by stakeholders"

    Seriously, if you're going to be cute about buzzwords, at least wait until someone uses a real buzzword..."attack vector" is a real term and hasn't reached convergence in the buzzword mindshare yet.

  10. Buffer overflows are caused by lazy coders by techno-vampire · · Score: 3, Funny

    You don't allocate a buffer of fixed length unless you're lazy. You find out how long the input is, allocate a buffer big enough to fit then move the input to the buffer. When you're done you deallocate the buffer. Simple, safe and easy. I guess Micro$oft coders never learned how to practice safe hex.

    --
    Good, inexpensive web hosting
  11. Remember the days? by Garabito · · Score: 5, Funny
    When you tought you couldn't get a virus by opening a document in a word processor?

    Microsoft made it possible.


    When you assumed you couldn't get attacked by loading a web page?

    Microsoft made it possible, too.


    When you sweared you couldn't get infected just by receiving e-mail?

    Microsoft made it possible, again.



    And now, by the very same people who gave you all that...


    The JPEG parser vulnerability!!!


    God, this company has really brought innovation to the industry!

  12. This post is only directed towards Todd Walters by null+etc. · · Score: 5, Funny
    Todd Walters, remember 12 years ago in college when I told you that an exploit could theoretically take control of an operating system due to a flaw in the library that renders static graphics? And you said that no, only code that has a chance of executing can lead to exploits?

    I Told You So.

    BTW if you see this leave me a post, I haven't heard from you in 12 years and I don't know where you are.

    1. Re:This post is only directed towards Todd Walters by Kreigaffe · · Score: 3, Funny

      Wow, sounds like sooommmeone got served!

      --
      ... still waiting for this free-as-in-beer free beer I keep hearing about. :|
  13. Re:Oh my god by ArsonSmith · · Score: 4, Funny

    Ohh man I hope the first virus/worm/trojan based on this has is named after an STD.

    I was surfing porn and got herpies.

    That would be soooo funny.

    --
    Paying taxes to buy civilization is like paying a hooker to buy love.
  14. [OT] Speaking of Parsing JPEGs... by 4of12 · · Score: 5, Funny

    Is there anykind of a browser plug-in I could use to deciper steganographically enhanced JPEG images that might just come over plain old unsuspicious unencrypted http?

    GIFs were evil, PNG support lacked transparency, now JPEGs can cause buffer overflows - I'd say that IE has an image problem... Excuse me while I just run away now.

    --
    "Provided by the management for your protection."
  15. Sexy virus by Anonymous Coward · · Score: 5, Funny

    So the next Anna Kournikova virus will actually be a picture of Anna Kournikova

    1. Re:Sexy virus by cyroth · · Score: 4, Funny

      Sorry but I fail to see a problem with this

  16. Sorry... by keiferb · · Score: 5, Funny

    On Microsoft products, porn screws YOU!

  17. Re:Todd Waters Here by Geoffreyerffoeg · · Score: 3, Funny

    He doesn't want to know. He's looking for a Todd Walters.

    Nice try for a troll, but you might want to spell your own name correctly next time.... :-)

  18. Re:Not the problem by MarkGriz · · Score: 4, Funny

    Does this also affect JPEG attachments in Outlook?

    Lets see....

    Ok, check your email now.

    --
    Beauty is in the eye of the beerholder.
  19. How dumb can they be by dynamo · · Score: 3, Funny

    Watch out for next week's critical flaw in MS Hello World.

  20. Meanwhile, by Piquan · · Score: 4, Funny

    On a completely and totally unrelated topic, does anybody know where I can buy lots of banner ad space in bulk?