Slashdot Mirror


Flaw in Microsoft JPEG Parsing

KDan writes "As reported by numerous sources, a new vulnerability has been disclosed (and patched) by Microsoft. This one concerns the parsing of JPEGs in XP Microsoft applications. A buffer overflow can be used to execute arbitrary code. So all those times you told your parents/friends that looking at images was safe - well, not anymore."

10 of 555 comments

  1. Why? by DAldredge · · Score: 4, Interesting

    If a small company releases a product and people get harmed, the lawyers descend like a pack of wolves to sue them.

    Why doesn't someone sue Microsoft? After all, people sue companies all the time even if the product in question has warning labels.

  2. Microsoft rolls their own buggy JPEG reader... by Carnildo · · Score: 4, Interesting

    ...Everyone else uses libJPEG.

    Any bets on how long it'll be until someone finds either a hole in the Microsoft PNG decoder or libJPEG? We've had holes in libPNG and Microsoft's JPEG decoder.

    --
    "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.

  3. this isn't the first image exploit by gnat_x · · Score: 5, Interesting

    there have been lots of image exploits put out there.

    if memory serves there was even a png patch for linux this past summer.

    gif exploits have been around for a while too.

    the real worry here, as with most M$ security releases is how long they knew about it, and whether they waited until SP2 was released so they could say that their new software didn't have that vulnerability.

    microsoft security department, we take orders from marketing!

  4. Untrusted data by ChiralSoftware · · Score: 5, Interesting

    We're going to get burned over and over and over and then we will get burned some more by processing untrusted data (stuff off the net) using any language that has unsafe memory operations. This isn't just a Microsoft problem; we've seen the same problems in zlib (PNG), resulting in vulnerabilities in almost all Linux/Unix apps that handle graphics. We're going to keep seeing these problems until we start handling all unsafe data as if it's got a contagious disease, which means handling it in an isolated environment like a VM.

    ---------
    WAP software
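    As an added example, not code from the thread or from any of the decoders it mentions: a defensive walk over JPEG marker segments that checks every 16-bit length field against the two bytes it must include and against the end of the buffer, so untrusted image data can be screened before a native decoder touches it. The sample byte strings are constructed header-only files, not real images.

```python
import struct
# Constructed sample files (not real images): header segments only, no scan data.
GOOD = (b"\xff\xd8"                                        # SOI
        + b"\xff\xe0" + struct.pack(">H", 16)              # APP0, length 16 = 2 + 14
        + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
        + b"\xff\xfe" + struct.pack(">H", 7) + b"hello"    # COM, length 7 = 2 + 5
        + b"\xff\xd9")                                     # EOI
BAD_SHORT = b"\xff\xd8\xff\xfe" + struct.pack(">H", 1) + b"hello\xff\xd9"
BAD_OVERRUN = b"\xff\xd8\xff\xfe" + struct.pack(">H", 100) + b"hi"


def walk_jpeg_segments(data):
    """Return [(marker, payload_len), ...] for the header segments, or raise ValueError."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos, seen = 2, []
    while True:
        if pos + 2 > len(data):
            raise ValueError("truncated at offset %d" % pos)
        if data[pos] != 0xFF:
            raise ValueError("expected marker prefix at offset %d" % pos)
        marker = data[pos + 1]
        pos += 2
        if marker == 0xD9:                                  # EOI: headers ended cleanly
            return seen
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:        # TEM / RSTn carry no length
            seen.append((marker, 0))
            continue
        if pos + 2 > len(data):
            raise ValueError("marker 0x%02X has no length field" % marker)
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        # The length counts its own two bytes, so "length - 2" on a value below 2
        # wraps to a huge copy size in unsigned arithmetic; reject it up front.
        if length < 2:
            raise ValueError("marker 0x%02X declares length %d < 2" % (marker, length))
        if pos + length > len(data):
            raise ValueError("marker 0x%02X overruns the file" % marker)
        seen.append((marker, length - 2))
        pos += length
        if marker == 0xDA:                                  # SOS: scan data follows, stop
            return seen

def is_well_formed(data):
    """Gate untrusted input: True only if every header segment passed the checks."""
    try:
        walk_jpeg_segments(data)
        return True
    except ValueError:
        return False
```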

  5. Re:Personal attack... by RocketScientist · · Score: 5, Interesting

    Before that, I told people for years, "No, you can't get a virus from just opening an email". Then the first "outlook virus that spams everyone in your address book" happened.

    Is anything safe? Should I start telling people, "No, actually nothing is safe, and you should just not use the computer if you don't want it infected with something nasty".

    Or just get them Macs.

  6. Pain in the ass to update by SilentChris · · Score: 4, Interesting

    While normally I shrug off most Slashdot anti-MS FUD, I've got to admit, this one's going to be a huge pain in the ass to roll out.

    Normally, I just read the whitepapers, run a test on a workstation, then roll out a Windows update using the free SUS server. This one, I'm going to have to roll out the update (just for XP SP1 users), figure out an update plan for Office, figure out who actually uses those image programs, etc.

    And here's a question: SP2 isn't affected. Why didn't they roll out this fix in SP1 *before* rolling out SP2, if they clearly knew it needed fixing? Most companies I know (mine included) are in the middle of testing SP2 migration plans. This adds another wrinkle to the whole process.

  7. more interesting than you think by kiskoa · · Score: 3, Interesting

    Managed code - in this case .NET - is inherently secured against buffer underruns and code injection, as long as the VM and the external components used by the framework do not have buffer underrun bugs.

    And that's just what happened. .NET Framework is heavily dependent on GDI+. Now you can use managed software to hack the system.

    --
    If Yoda so strong in Force is, why words in right order he cannot put?

  8. Re:Just plain crappy by Saige · · Score: 3, Interesting

    Nothing has changed in the way applications are programmed that now allows this to happen. What has happened is that people have just become more skilled in manipulating such situations. The possibilities were always there; it's just been more recent that people have been able to take advantage of them - and made such errors more visible.

    --
    "You know your god is man-made when he hates all the same people you do."

  9. Re:Damn It. by HawkingMattress · · Score: 4, Interesting

    So you really think it's that simple?
    Your code is probably full of security holes, just like everybody's, and the fact that you think it's so simple is clear evidence...
    Look, even Knuth was so certain that his code could not possibly be bugged that he promised a prize for the persons who would find bugs. And still, some were found. And we are talking about a program that was mathematically provable, and made by the living god of computer science, damnit!
    And you think that your code, which is sitting on dozens of layers speaking to each other behind your back, and made with a high level language, cannot possibly have an unknown bug which could cause a security hole?
    If so, then you're a security hole yourself.

  10. The MS Bulletin by ManuelKelly · · Score: 3, Interesting

    This is real nasty. It looks like most versions of Office as well as MS Works since 2000 are affected. See the Security Bulletin. Any random Word document with an infected embedded jpg is a transfer vector.