Slashdot Mirror


Flaw in Microsoft JPEG Parsing

KDan writes "As reported by numerous sources, a new vulnerability has been disclosed (and patched) by Microsoft. This one concerns the parsing of JPEGs in XP Microsoft applications. A buffer overflow can be used to execute arbitrary code. So all those times you told your parents/friends that looking at images was safe - well, not anymore."

7 of 555 comments (clear)

  1. Not the problem by MikeMacK · · Score: 5, Insightful
    "The vulnerability could only be exploited by an attacker who persuaded a user to open a specially crafted file or to view a directory that contains the specially crafted image," Microsoft said in a statement. "There is no way for an attacker to force a user to open a malicious file."

    The problem is not "forcing" people to open attachments, the problem has always been that people open attachments.

    1. Re:Not the problem by JayJay.br · · Score: 5, Insightful

      I would go even further: opening a specially crafted image is automatic if it is inside an HTML page.

      How easy would it be to make a website about almost anything and containing one of these babies?

      On a sidenote, would Firefox on Windows be vulnerable? Does it use Microsoft's JPEG library or does it have libjpeg embedded?

  2. Back in the day by Eberlin · · Score: 5, Insightful

    Call me old school, but remember back in the day when opening e-mail was ok, and that executable attachments were what we watched out for? Images were ok, MIDI files were ok, and a bit later, even MP3 files were ok.

    Of course if the same codebase were used then, it NEVER was ok...but we sure thought things were juuuust fine.

    Is this any way related to the leaked code that led to a vuln discovery regarding BMP files? I know it's a different format but seems like parsing image files spells some trouble.

  3. Spin Control by Wanker · · Score: 5, Insightful
    From http://www.microsoft.com/technet/security/Bulletin /MS04-028.mspx:
    In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.


    I like the phrase "no way to force users to visit a malicious Web site". How many users have image views enabled in their mail client? How hard would it be for a shady advertiser or a hacked advertiser to include a malicous JPEG as a banner ad?
  4. Re:Damn It. by Portigui · · Score: 5, Insightful
    Don't trust outside data. Don't developers think of these things?
    Of course we think of things but it is never possible to think of every possible scenario when you are punching out applications with hundreds of thousands lines of code. An old college professor of mine once said: "There is no such thing as a perfect programmer. Those that think they are, are either a fool or a liar."
  5. Re:Why? by ArsonSmith · · Score: 5, Insightful

    Well yea because you wouldn't expect a file cabnet to shred your files.

    On the other hand Microsoft spent years conditioning people to belive that computers just randomly shred your files.

    --
    Paying taxes to buy civilization is like paying a hooker to buy love.
  6. no way to force you to open a jpeg? by Risto · · Score: 5, Insightful

    "There is no way for an attacker to force a user to open a malicious file."

    This has got to be one of the stupidest things MS has ever said.

    It's called spam!!!
    99.999% of email programs and browsers automatically "open" images for viewing

    We all get spam
    the image can be a logo or something nonsuspicious
    embedded in the email

    So you only have to read the email
    to get infected