- Dec 18, 2001
- 24,036
- 21
- 81
I'm sure you have already heard about the GDI+ JPEG processing buffer exploit. In case you haven't, here is a refresher:
JPEG Vulnerability
I just came across a website with an image that attempted to use this exploit, but my personal firewall (sygate) blocked it. This wasn't something I got in an email, it actually was a legitimate website I visited, and I have already sent them an email about it.
Why this has such a big impact on you:
html rendered emails (whether from friends or spam)
websites
ads in p2p programs
adware / popup ads
google cached images (unless they're filtering for this?)
pic upload servers (like bbzzdd)
I hypothesized in my article a jpeg virus that could actually infect other jpegs. Make sure your antivirus and personal firewalls are up to date!
FYI This isn't just a Windows problem. Patches were recently released for a buffer expoit in PNG processing on Linux machines:
Latest Linux Vulnerabilities
JPEG Vulnerability
I just came across a website with an image that attempted to use this exploit, but my personal firewall (sygate) blocked it. This wasn't something I got in an email, it actually was a legitimate website I visited, and I have already sent them an email about it.
Why this has such a big impact on you:
html rendered emails (whether from friends or spam)
websites
ads in p2p programs
adware / popup ads
google cached images (unless they're filtering for this?)
pic upload servers (like bbzzdd)
I hypothesized in my article a jpeg virus that could actually infect other jpegs. Make sure your antivirus and personal firewalls are up to date!
FYI This isn't just a Windows problem. Patches were recently released for a buffer expoit in PNG processing on Linux machines:
Latest Linux Vulnerabilities