Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flaw in Microsoft JPEG Parsing

Posted by timothy on from the some-sites-have-more-than-others dept.

KDan writes "As reported by numerous sources, a new vulnerability has been disclosed (and patched) by Microsoft. This one concerns the parsing of JPEGs in XP Microsoft applications. A buffer overflow can be used to execute arbitrary code. So all those times you told your parents/friends that looking at images was safe - well, not anymore."

27 of 555 comments (clear)

  1. If you think looking at images is safe... by apanap · · Score: 5, Funny

    ...you obviously never saw goatse...

    --
    Give me a job. Please?
    1. Re:If you think looking at images is safe... by savagedome · · Score: 5, Funny

      Well, let me try to phrase it as precisely as I can. "It's something that makes a man out of a boy, instantly".

      --


      Free XBox, PS2
    2. Re:If you think looking at images is safe... by kabloom · · Score: 5, Informative

      What is goatse? Look it up on wikipedia. The entry is goatse.cx. You'll be glad you didn't have to see the image.

    3. Re:If you think looking at images is safe... by Anonymous Coward · · Score: 5, Funny

      See this month's issue of Time.

    4. Re:If you think looking at images is safe... by lateralus_1024 · · Score: 5, Funny

      1) Think of Goatse as a "portal".
      2) Goatse is a high bandwidth information highway in itself.
      3) Goatse can be a hiding place.
      4) Goatse tests the limits of humanity.
      I ran out of ideas, AC's of the world please fill in the rest...

      --
      If you think /. comments are bad, check out Digg.
  2. Not the problem by MikeMacK · · Score: 5, Insightful
    "The vulnerability could only be exploited by an attacker who persuaded a user to open a specially crafted file or to view a directory that contains the specially crafted image," Microsoft said in a statement. "There is no way for an attacker to force a user to open a malicious file."

    The problem is not "forcing" people to open attachments, the problem has always been that people open attachments.

    1. Re:Not the problem by Carnildo · · Score: 5, Informative

      The full list of affected programs, from Microsoft's site:

      * Windows XP
      * Windows XP Service Pack 1 (SP1)
      * Windows Server 2003
      * Internet Explorer 6 SP1
      * Office XP SP3
      Note Office XP SP3 includes Word 2002, Excel 2002, Outlook 2002, PowerPoint 2002, FrontPage 2002, and Publisher 2002.
      * Office 2003
      Note Office 2003 includes Word 2003, Excel 2003, Outlook 2003, PowerPoint 2003, FrontPage 2003, Publisher 2003, InfoPath 2003, and OneNote 2003.
      * Digital Image Pro 7.0
      * Digital Image Pro 9
      * Digital Image Suite 9
      * Greetings 2002
      * Picture It! 2002 (all versions)
      * Picture It! 7.0 (all versions)
      * Picture It! 9 (all versions, including Picture It! Library)
      * Producer for PowerPoint (all versions)
      * Project 2002 SP1 (all versions)
      * Project 2003 (all versions)
      * Visio 2002 SP2 (all versions)
      * Visio 2003 (all versions)
      * Visual Studio .NET 2002
      Note Visual Studio .NET 2002 includes Visual Basic .NET Standard 2002, Visual C# .NET Standard 2002, and Visual C++ .NET Standard 2002.
      * Visual Studio .NET 2003
      Note Visual Studio .NET 2003 includes Visual Basic .NET Standard 2003, Visual C# .NET Standard 2003, Visual C++ .NET Standard 2003, and Visual J# .NET Standard 2003.
      * .NET Framework 1.0 SP2
      * .NET Framework 1.0 SDK SP2
      * .NET Framework 1.1
      * Platform SDK Redistributable: GDI+

      --
      "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
    2. Re:Not the problem by JayJay.br · · Score: 5, Insightful

      I would go even further: opening a specially crafted image is automatic if it is inside an HTML page.

      How easy would it be to make a website about almost anything and containing one of these babies?

      On a sidenote, would Firefox on Windows be vulnerable? Does it use Microsoft's JPEG library or does it have libjpeg embedded?

  3. Re:Why? by Anonymous Coward · · Score: 5, Funny

    because any lawyer that has a chance of winning already works for microsoft

  4. i knew it! by Coneasfast · · Score: 5, Funny

    and i was always telling everyone from the start, download your porn in png format.

    --
    Marge, get me your address book, 4 beers, and my conversation hat.
  5. Personal attack... by chill · · Score: 5, Funny

    I've been telling people for years "no, you can't get a virus from things like a JPEG picture. You're fine."

    Now this. Considering how many bugs are reported in all version of MS software, it is entirely possible that there are PERSONAL bugs. "This one is for Charles. Let's fuck with him."

    Sigh...

    -Charles

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:Personal attack... by RocketScientist · · Score: 5, Interesting

      Before that, I told people for years, "No, you can't get a virus from just opening an email". Then the first "outlook virus that spams everyone in your address book" happened.

      Is anything safe? Should I start telling people, "No, actually nothing is safe, and you should just not use the computer if you don't want it infected with something nasty".

      Or just get them Macs.

  6. WARNING - useless buzzword alert!!!! by Anonymous Coward · · Score: 5, Funny

    The parent post has been flagged for violation of the "Anti Buzzword Use Act". Specific violation: use of the phrase "attack vector". Sanction: exile from use of any computer, writing utensil or paint brush for 10 years.

  7. Back in the day by Eberlin · · Score: 5, Insightful

    Call me old school, but remember back in the day when opening e-mail was ok, and that executable attachments were what we watched out for? Images were ok, MIDI files were ok, and a bit later, even MP3 files were ok.

    Of course if the same codebase were used then, it NEVER was ok...but we sure thought things were juuuust fine.

    Is this any way related to the leaked code that led to a vuln discovery regarding BMP files? I know it's a different format but seems like parsing image files spells some trouble.

  8. this isn't the first image exploit by gnat_x · · Score: 5, Interesting

    there have been lots of image exploits put out there.

    if memory serves there was even a png patch for linux this past summer.

    gif exploits have been around for a while too.

    the real worry here, as with most M$ security releases is how long they knew about it, and whether they waited until SP2 was released so they could say that their new software didn't have that vulnerability.

    microsoft security department, we take orders from marketing!

  9. Untrusted data by ChiralSoftware · · Score: 5, Interesting
    We're going to get burned over and over and over and then we will get burned some more by processing untrusted data (stuff off the net) using any language that has unsafe memory operations. This isn't just a Microsoft problem; we've seen the same problems in zlib (PNG), resulting in vulnerabilities in almost all Linux/Unix apps that handle graphics. We're going to keep seeing these problems until we start handling all unsafe data as if it's got a contagious disease, which means handling it in an isolated environment like a VM.

    ---------
    WAP software

  10. Microsoft should give up on IE by blcamp · · Score: 5, Funny


    They should forget about Internet Explorer and try thier hand on a different line of sofware... ...like, say, e-voting.

    --
    The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
  11. Thank god for ASCII pr0n! by shawnce · · Score: 5, Funny

    Don't worry folks you can still get your pr0n with out getting a social dease...

    www.asciipr0n.com

  12. Spin Control by Wanker · · Score: 5, Insightful
    From http://www.microsoft.com/technet/security/Bulletin /MS04-028.mspx:
    In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.


    I like the phrase "no way to force users to visit a malicious Web site". How many users have image views enabled in their mail client? How hard would it be for a shady advertiser or a hacked advertiser to include a malicous JPEG as a banner ad?
  13. Re:Damn It. by Portigui · · Score: 5, Insightful
    Don't trust outside data. Don't developers think of these things?
    Of course we think of things but it is never possible to think of every possible scenario when you are punching out applications with hundreds of thousands lines of code. An old college professor of mine once said: "There is no such thing as a perfect programmer. Those that think they are, are either a fool or a liar."
  14. Remember the days? by Garabito · · Score: 5, Funny
    When you tought you couldn't get a virus by opening a document in a word processor?

    Microsoft made it possible.


    When you assumed you couldn't get attacked by loading a web page?

    Microsoft made it possible, too.


    When you sweared you couldn't get infected just by receiving e-mail?

    Microsoft made it possible, again.



    And now, by the very same people who gave you all that...


    The JPEG parser vulnerability!!!


    God, this company has really brought innovation to the industry!

  15. Re:Why? by ArsonSmith · · Score: 5, Insightful

    Well yea because you wouldn't expect a file cabnet to shred your files.

    On the other hand Microsoft spent years conditioning people to belive that computers just randomly shred your files.

    --
    Paying taxes to buy civilization is like paying a hooker to buy love.
  16. This post is only directed towards Todd Walters by null+etc. · · Score: 5, Funny
    Todd Walters, remember 12 years ago in college when I told you that an exploit could theoretically take control of an operating system due to a flaw in the library that renders static graphics? And you said that no, only code that has a chance of executing can lead to exploits?

    I Told You So.

    BTW if you see this leave me a post, I haven't heard from you in 12 years and I don't know where you are.

  17. [OT] Speaking of Parsing JPEGs... by 4of12 · · Score: 5, Funny

    Is there anykind of a browser plug-in I could use to deciper steganographically enhanced JPEG images that might just come over plain old unsuspicious unencrypted http?

    GIFs were evil, PNG support lacked transparency, now JPEGs can cause buffer overflows - I'd say that IE has an image problem... Excuse me while I just run away now.

    --
    "Provided by the management for your protection."
  18. no way to force you to open a jpeg? by Risto · · Score: 5, Insightful

    "There is no way for an attacker to force a user to open a malicious file."

    This has got to be one of the stupidest things MS has ever said.

    It's called spam!!!
    99.999% of email programs and browsers automatically "open" images for viewing

    We all get spam
    the image can be a logo or something nonsuspicious
    embedded in the email

    So you only have to read the email
    to get infected

  19. Sexy virus by Anonymous Coward · · Score: 5, Funny

    So the next Anna Kournikova virus will actually be a picture of Anna Kournikova

  20. Sorry... by keiferb · · Score: 5, Funny

    On Microsoft products, porn screws YOU!