GDI+ JPEG rendering exploit

Discuss security issues related to microsoft products

Moderator: Community Moderators

Post Reply
jd2kuk
Posts: 1537
Joined: Fri Mar 16, 2007 12:19 am
Location: UK

GDI+ JPEG rendering exploit

Post by jd2kuk » Sun Feb 03, 2008 7:31 pm

Anyone remember this? :P

Also, anyone got any experience in exploiting it ;)

User avatar
Majik
Posts: 83
Joined: Tue Dec 24, 2002 6:26 pm
Contact:

Re: GDI+ JPEG rendering exploit

Post by Majik » Mon Feb 25, 2008 4:35 pm

That was fun.

Don't think it's used much anymore now though :/

jd2kuk
Posts: 1537
Joined: Fri Mar 16, 2007 12:19 am
Location: UK

Re: GDI+ JPEG rendering exploit

Post by jd2kuk » Mon Feb 25, 2008 5:34 pm

Don't know why; loads of computers are vulnerable to it right now.

User avatar
Majik
Posts: 83
Joined: Tue Dec 24, 2002 6:26 pm
Contact:

Re: GDI+ JPEG rendering exploit

Post by Majik » Mon Feb 25, 2008 9:25 pm

Interesting, I wonder if a new update that was released broke it again.

Any idea on the system info on the vulnerable machines?

jd2kuk
Posts: 1537
Joined: Fri Mar 16, 2007 12:19 am
Location: UK

Re: GDI+ JPEG rendering exploit

Post by jd2kuk » Tue Feb 26, 2008 6:22 pm

Knowing microsoft, it wouldn't surprise me :P

And it affects pre-SP2 windows xp installs.

User avatar
missi0n
Posts: 256
Joined: Sat Jan 27, 2007 9:15 pm
Location: UK
Contact:

Re: GDI+ JPEG rendering exploit

Post by missi0n » Tue Apr 15, 2008 7:48 pm

I've not got a clue what exploit you're on about? care to explain :?

jd2kuk
Posts: 1537
Joined: Fri Mar 16, 2007 12:19 am
Location: UK

Re: GDI+ JPEG rendering exploit

Post by jd2kuk » Tue Apr 15, 2008 11:21 pm

To sum it up dramatically: imagine being able to give a person a virus, or remotely execute commands on their computer- just by them looking at a picture.

Science fiction? Nope, today's fact.

The gory details are here: http://www.milw0rm.com/search.php?dong= ... ows%20jpeg

;)

Post Reply