Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flaw in Microsoft JPEG Parsing

Posted by timothy on from the some-sites-have-more-than-others dept.

KDan writes "As reported by numerous sources, a new vulnerability has been disclosed (and patched) by Microsoft. This one concerns the parsing of JPEGs in XP Microsoft applications. A buffer overflow can be used to execute arbitrary code. So all those times you told your parents/friends that looking at images was safe - well, not anymore."

6 of 555 comments (clear)

  1. As reported by numerous sources by BestNicksRTaken · · Score: 0, Offtopic

    So why did you have to start a thread about it too?

    Jees, I've got turned down so many times for relevant articles on here, how come this crap that we've all already read elsewhere, that isn't even that interesting, still gets let through?!

    Jees, next there will be reposts about a map of the Simpsons town, oh wait....

    --
    #include <sig.h>
  2. Popups on ./ by quantaman · · Score: -1, Offtopic

    As I clicked on this story a popup ad for an XServe came up (how it got around blocker...). I've seen it happen once before (a few weeks ago) has anyone seen this happen before? Did /. somehow send the popup or did another site I was visiting send it (there's only one site that was open that was allowed to open popups and it only opens them for info, not ads) when I went to this story. Offtopic yeah but was just wondering if anyone had any info.

    --
    I stole this Sig
  3. Re:Untrusted data by Anonymous Coward · · Score: -1, Offtopic

    And what language do you propose to write the VM in? Additional layers of indirection don't really protect you from anything, so much as they slow everything down. Many things impliment there own VM's anyway (freetype, sqlite yada, yada). Memory management, safe string ops and GC require a decent library at best; what we shouldn't do is start implimenting VM's within VM's.

    "There was an old woman who swalled a fly"

  4. MODS!!! by darkmeridian · · Score: 0, Offtopic

    This is not off-topic. It is an Anonymous Coward, but he asks a legitimate question. I'm not going to answer it, nor am I sure whether it should be answered, but it is not off-topic to this thread. It in fact, would clarify the conversation.

    And while you're looking here, go through my previous messages and mod them up. You can be kind of like a "cold-case" squad.

    --
    A NYC lawyer blogs. http://www.chuangblog.com/
  5. Completely OT but...airpwn? by BillX · · Score: 0, Offtopic

    Not aimed at the original poster, just another kiddy rant.

    From the top Google result for the airpwn project:

    HTTP javascript alert boxes, letting people know just how pwned they were

    Pwned? What kind of kiddies come up with this stuff; that's not even pronounceable. If you're going to make up some l33t term for kiddying somebody's box, at least make it pronounceable so that you can tell your friends what you did without sounding like a complete dumbass (you know...in person...you do talk to people in person, right?)

    E.g.: "Haha, dude, I went to this coffeeshop, and everyone was on their like wireless thingamabobs, right? So I set up an injector node so that every image in the pages they loaded had little goatse's on them. I totally narfed them! I even popped up little boxes telling them how narfed they were."

    --
    Caveat Emptor is not a business model.
  6. Re:If you think looking at images is safe... by Anonymous Coward · · Score: -1, Offtopic

    gee thanks prick, I hadn't gotten it either.