Slashdot Mirror

← Back to Stories (view on slashdot.org)

Image Causes Exploitable Overflow in Microsoft Products

Posted by Zonk on from the that's-a-spicy-picture dept.

Em Adespoton writes "Core Security researchers discovered that by electing a specially-crafted graphic as the user's display picture in MSN Messenger, an attacker could trigger a buffer overflow vulnerability on the chat partner's computer. Through this, it is possible to covertly take over machines running instant messaging software. Windows Messenger and Windows Media Player are also affected by this vulnerability. The story is also available at Newsfactor.com and SearchSecurity.com."

29 of 291 comments (clear)

  1. MS loss... by LazyPhoenix · · Score: 5, Funny

    Microsofts loss is my GAIM.

    ha.

  2. Where are the Cherubs? by Speare · · Score: 5, Interesting

    I think I heard of this method of attack in a security book I read once. Where the image of an avatar's identification turned out to be a computer-infecting virus. Oh, wait, it was a novel. "Snow Crash" by Neal Stephenson.

    --
    [ .sig file not found ]
  3. Article left out significant information... by bigtallmofo · · Score: 4, Funny

    Animated pictures of shiny pocketwatches moving back and forth were found to be the most effective at taking control of other people's computers.

    --
    I'm a big tall mofo.
  4. Already fixed by dreamt · · Score: 4, Informative

    After RTFMing, this was part of this week's Microsoft patches.

    1. Re:Already fixed by stinky+wizzleteats · · Score: 4, Insightful

      After RTFMing, this problem has been known since August of last year

      I RTFMed, too. Seems like vulnerability was fixed in August of last year by Gentoo, Red Hat, andMandrake.

      Nothing compares MS security to that of the rest of the world better than seeing how they fix the same damn vulnerability. Let this be a lesson to you. Never astroturf with facts. A quality 'turf would have been to say: "Yes, but Linux has a history of at least three times as many security problems with PNG as Microsoft"

  5. MS Security Chief Says Windows is Safer Than Linux by hoggoth · · Score: 4, Funny

    Hello? Didn't you get the memo?

    MS Security Chief Says Windows is Safer Than Linux

    Now stop trying to spread FUD.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  6. Re:Worst internet worm ever? by PapaBoojum · · Score: 5, Funny

    By spreading to everyone in your buddy list, a worm based on this exploit could infect 90% of the world in a couple hours.

    I'm doing my part. I don't have any friends.

  7. Re:That's genius... by robslimo · · Score: 5, Informative

    Is this one at all related to the previous image library flaws (the vulnerability for which the GDI detection tool was released to identify any Windows apps that were affected)?

    Oh, wait, I think I found it! A patch was released for PNG processing flaws on Tuesday this week; among the affected software: Microsoft MSN Messenger.

  8. Re:That's genius... by dsginter · · Score: 4, Funny

    A friend of mine used the goatse image for his MSN person icon and I had a buffer overflow of my own.

    When did I ever eat corn?

    --
    More
  9. Ah HA! by MrFreshly · · Score: 5, Funny

    The image that triggers it is an inverted picture of Bill Gates playing cards with Sadam, Satan, and Celine Dion.

  10. Defeating the Borg? by bokmann · · Score: 4, Funny

    Isn't this the same technique Geordie LaForge came up with for introducing a virus into the Borg collective? Remember Hugh?

    Maybe the image of Bill Gates-as-Borg was a little more prophetic than we all realized.

    1. Re:Defeating the Borg? by Swamii · · Score: 4, Funny

      Yawn. I don't know about a virus, but you've just put me to sleep like Data did to the Borg in episode 128 where he issues a low-priority regeneration command to the Borg collective and then they revive Captain Picard who was actually named Locutus of Borg when he was merged into the Borg identity as he was captured on the Borg Cube after a mission of reconaissance in the ... zzzzzzzz

      --
      Tech, life, family, faith: Give me a visit
  11. *Proprietary* Network Graphic? by TomorrowPlusX · · Score: 4, Funny

    What? I thought all this time they were *Portable* Network Graphics. Well, the article says "Proprietary" so they must be right.

    --

    lorem ipsum, dolor sit amet
  12. They're wrong about PNG by BluhDeBluh · · Score: 5, Informative

    They've said that PNG stands for "Proprietary Network Graphics". In fact, this is very wrong - it's not proprietary at all. The idea of the format is that it _ISN'T_ proprietary - it's free as in speech, free as in beer, free as in patents.

    PNG really stands for Portable Network Graphics. And I hope that people don't get confused and start blaming the PNG file format for a bug that is MS's fault.

  13. Before anyone goes off bashing MS... by k98sven · · Score: 5, Informative

    Perhaps one should take note that this overflow bug is not in MS code, but in the open-source LibPNG, which MS used.

    And it's also included in most Linux distros.

    If MS is to blame, it's for their lousy reaction speed. This vunerability has been known for months.

    1. Re:Before anyone goes off bashing MS... by Nintendork · · Score: 4, Interesting
      I just verified this and you're right. Here's some info on the vulnerability.

      I wonder though why Microsoft didn't update to a newer version of libPNG when the vulnerability was addressed last August.

      -Lucas

  14. Isn't it worth mentioning by apoplectic · · Score: 5, Insightful

    The Slashdot story blurb leaves out that this fix is already available. Certainly, if the fix hadn't already been made available you could count on that tidbit being mentioned....

  15. I think I understand Windows users now... by crazyphilman · · Score: 4, Funny

    I used to struggle with the "why do they keep using it, when there are so many (much better) alternatives" question. I see now how silly my confusion was. It's all so clear...

    Windows... Is a video game!

    Sure, think about it. Can you hack your friend Billy's computer before he hacks yours while you chat online? The suspense must be very exciting. Who has the better Script? Who has the better collection of vulnerabilities?

    It must be almost like playing Magic: The Gathering, or one of the other card games kids are into now. "My hack trumps yours! I get all your pr0n!"

    Suddenly I feel very boring. Sigh... It's okay, Slackware, I love you even IF you're secure. I'll just have to settle for being Rudolph, and not play in any Reindeer Games.

    Oh! Look! My Microwave just beeped! Pea Soup!

    Mmmm!

    --
    Farewell! It's been a fine buncha years!
  16. The exploit..... by FreshlyShornBalls · · Score: 5, Informative

    .....is already out.

    --
    This space intentionally left blank.
  17. Re:What??? by hoggoth · · Score: 4, Funny

    Phwew. I was about to go BALLISTIC on your post... but then thank goodness I saw the '/sarcasm' at the end. I mean, I was stoked up to spew some hellfire on you for your outrageous statements. They seemed... almost... too extreme to believe. Now that I see you clearly labelled it as 'sarcasm' I took a step back, and I'm cooling off. Shaking my arms, letting the anger go.

    Good thing you clearly labelled it as sarcasm.

    'cause otherwise I wouldn't have known.

    Really good sarcasm, too.

    Got me, there.

    Phwew.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  18. Re:When will this stop being "news?" by Strudelkugel · · Score: 4, Informative

    The patch was released on Feb 8, the story comes out on Feb 11. Right, not much to see here.

    Maybe the RAF has a big PowerPoint that's of interest on web server somewhere...

    --
    Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
  19. 6 months to patch a known vulnerability by hweimer · · Score: 4, Informative

    The vulnerability is described in MS05-009 which refers to CAN-2004-0597. This is a buffer overflow in libpng which was fixed in early August last year. So Microsoft needed six months to fix a publicly known vulnerability.

    --
    OS Reviews: Free and Open Source Software
  20. Re:From TFA: Proprietary Network Graphics (PNG)!?! by iggymanz · · Score: 4, Funny

    no, it's Pornographic Network Graphics, your definition is just a smoke screen so the religious right doesn't get all fired up

  21. Re:MS Security Chief Says Windows is Safer Than Li by BrynM · · Score: 4, Funny
    Anyone ever done a study to determine the mean time between when MS claims their products are secure and when the next exploit is announced?
    Measuring negative time is moot.
    --
    US Democracy:The best person for the job (among These pre-selected choices...)
  22. Re:but its more secure than linux! by TFGeditor · · Score: 4, Interesting

    But, have you ever tried to uninstall MS Messenger? http://www.theregister.co.uk/2002/04/02/windows_me ssenger_trojan_update/

    Those not blessed with geekiness cannot do it, so are stuck.

    --
    Ignorance is curable, stupid is forever.
  23. once upon a time... by ultramk · · Score: 5, Interesting

    a friend of mine used to work for MS on a version of IE... one bug they were trying to track down involved jpg (or was it gif) images of a certain--very large--dimension that could in some circumstances cause boot-block overwrite on the boot drive as it was being cached... (this was a few years back...)

    when this bug was being discussed in a meeting, the first thing that was said was something to the effect of "oh, and if you tell anybody--anybody--about this, you might as well look for a new job at the same time, and a good lawyer."

    of course, this was a few years ago, and from what i understand it was fixed right away, but still...

    m-

    --
    You catch enchiladas by picking them up behind the head and holding them underwater until they don't kick anymore -VeGas
    1. Re:once upon a time... by t_allardyce · · Score: 4, Insightful

      He should have said 'oh, and if you pay me anything -- anything less than $300,000 for this fix, you might as well look for a new job too, and a good PR team to cover up the leak i spill.'

      --
      This comment does not represent the views or opinions of the user.
  24. Removing MSN Messenger doesn't actually remove it by EnronHaliburton2004 · · Score: 4, Interesting

    So anyone else notice that if you remove MSN Messenger and Outlook Express via the Control Panel's "Add/Remove Programs", the programs aren't actually removed from "C:\Program Files\Messenger" and "C:\Program Files\Outlook Express" ?

    WindowsUpdate still asks you to install patches for Messenger and OE, even though they are supposedly "uninstalled".

    IE still somtimes shows a Messenger icon on one of the toolbars.

    I still occasionally find the the MSN Messenger icon in the status tray, even though it is supposedly "uninstalled", and the users on my network aren't smart enough to run MSN Messenger from the commandline.

    What gives?

    --
    94% of Repubs and 21% of Dems voted to renew the Patriot Act
  25. Re:Removing MSN Messenger doesn't actually remove by MrP-(at+work) · · Score: 5, Informative
    Yeah that never uninstalls it

    You have to manually call the uninstall section of the msn messenger INF file.. ive done it so many times i type it from memory..

    go to start>run, and type
    rundll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove
    make sure msn messenger is closed first so it wont error when it unregisters the dll files
    --
    [an error occurred while processing this directive]