Flaw in Microsoft JPEG Parsing
KDan writes "As reported by numerous sources, a new vulnerability has been disclosed (and patched) by Microsoft. This one concerns the parsing of JPEGs in XP Microsoft applications. A buffer overflow can be used to execute arbitrary code. So all those times you told your parents/friends that looking at images was safe - well, not anymore."
...you obviously never saw goatse...
Give me a job. Please?
because any lawyer that has a chance of winning already works for microsoft
and i was always telling everyone from the start, download your porn in png format.
Marge, get me your address book, 4 beers, and my conversation hat.
I've been telling people for years "no, you can't get a virus from things like a JPEG picture. You're fine."
Now this. Considering how many bugs are reported in all versions of MS software, it is entirely possible that there are PERSONAL bugs. "This one is for Charles. Let's fuck with him."
Sigh...
-Charles
Learning HOW to think is more important than learning WHAT to think.
The parent post has been flagged for violation of the "Anti Buzzword Use Act". Specific violation: use of the phrase "attack vector". Sanction: exile from use of any computer, writing utensil or paint brush for 10 years.
They should forget about Internet Explorer and try their hand on a different line of software...
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
Don't worry folks, you can still get your pr0n without getting a social disease...
www.asciipr0n.com
Who said looking at Pr0n was safe?
The parent post has been flagged for violation of the "Anti Buzzword Use Act". Specific violation: use of the phrase "attack vector".
You're right, I should have said "Airpwn could leverage the synergies of this vulnerability and streamline the deployment...with or without interactive buy-in by stakeholders"
Seriously, if you're going to be cute about buzzwords, at least wait until someone uses a real buzzword..."attack vector" is a real term and hasn't reached convergence in the buzzword mindshare yet.
You don't allocate a buffer of fixed length unless you're lazy. You find out how long the input is, allocate a buffer big enough to fit then move the input to the buffer. When you're done you deallocate the buffer. Simple, safe and easy. I guess Micro$oft coders never learned how to practice safe hex.
Good, inexpensive web hosting
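The approach described in the comment above, as an added example (not part of the thread and not Microsoft's code): a JPEG marker segment carries its own 2-byte length, so "finding out how long the input is" means reading a field taken from the file, and that field has to be checked against the bytes actually present before it sizes the allocation or the copy. The function name, status codes and sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Status codes are this example's own names. */
enum seg_status { SEG_OK, SEG_NO_MARKER, SEG_TRUNCATED, SEG_BAD_LENGTH, SEG_NOMEM };

/* Constructed sample segments (COM marker 0xFFFE), not from a real file. */
static const uint8_t seg_good[]  = {0xFF, 0xFE, 0x00, 0x05, 'a', 'b', 'c'};
static const uint8_t seg_tiny[]  = {0xFF, 0xFE, 0x00, 0x01, 'a', 'b', 'c'};
static const uint8_t seg_lying[] = {0xFF, 0xFE, 0x00, 0x40, 'a', 'b', 'c'};

/*
 * Copy the payload of the marker segment at buf[off] into a fresh buffer.
 * Layout: 0xFF, marker byte, 2-byte big-endian length that counts the
 * length field itself, so the payload is (length - 2) bytes.
 * On SEG_OK the caller owns *out and must free() it.
 */
enum seg_status copy_segment(const uint8_t *buf, size_t buf_len, size_t off,
                             uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;

    /* Marker (2 bytes) and length field (2 bytes) must lie inside the input. */
    if (off > buf_len || buf_len - off < 4)
        return SEG_TRUNCATED;
    if (buf[off] != 0xFF)
        return SEG_NO_MARKER;

    size_t declared = ((size_t)buf[off + 2] << 8) | buf[off + 3];

    /* Below 2, declared - 2 would wrap around to a huge size_t. */
    if (declared < 2)
        return SEG_BAD_LENGTH;
    /* The declared length must fit in the bytes actually present. */
    if (declared > buf_len - off - 2)
        return SEG_TRUNCATED;

    size_t payload = declared - 2;
    uint8_t *p = malloc(payload ? payload : 1); /* never request 0 bytes */
    if (p == NULL)
        return SEG_NOMEM;

    memcpy(p, buf + off + 4, payload);
    *out = p;
    *out_len = payload;
    return SEG_OK;
}
```

Sizing the buffer from the declared length removes the fixed-size buffer, but the two length checks are what keep the subtraction and the copy inside the input.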
Microsoft made it possible.
When you assumed you couldn't get attacked by loading a web page?
Microsoft made it possible, too.
When you swore you couldn't get infected just by receiving e-mail?
Microsoft made it possible, again.
And now, by the very same people who gave you all that...
The JPEG parser vulnerability!!!
God, this company has really brought innovation to the industry!
I Told You So.
BTW if you see this leave me a post, I haven't heard from you in 12 years and I don't know where you are.
Ohh man I hope the first virus/worm/trojan based on this is named after an STD.
I was surfing porn and got herpes.
That would be soooo funny.
Paying taxes to buy civilization is like paying a hooker to buy love.
Is there any kind of a browser plug-in I could use to decipher steganographically enhanced JPEG images that might just come over plain old unsuspicious unencrypted http?
GIFs were evil, PNG support lacked transparency, now JPEGs can cause buffer overflows - I'd say that IE has an image problem... Excuse me while I just run away now.
"Provided by the management for your protection."
So the next Anna Kournikova virus will actually be a picture of Anna Kournikova
On Microsoft products, porn screws YOU!
He doesn't want to know. He's looking for a Todd Walters.
:-)
Nice try for a troll, but you might want to spell your own name correctly next time....
Does this also affect JPEG attachments in Outlook?
Let's see....
Ok, check your email now.
Beauty is in the eye of the beerholder.
Watch out for next week's critical flaw in MS Hello World.
On a completely and totally unrelated topic, does anybody know where I can buy lots of banner ad space in bulk?