About | Buy Stuff | News | Products | Rants | Search | Security | Social
Home » News » Roundups

Explosion of a Snippet

30 September 2004 23:02 UTC
Underflows are dangerous too.

It took but two days for someone to find a vulnerability in the Microsoft code leaked 14 February of this year. It was an 'underflow' error and was fully explained at this site at the time.

It was an error typical of Microsoft and of their way of thinking - or not thinking. It bespoke the incredible morass of data types that Windows code continually has to go through - and showed how one sloppy programmer could bring the whole house of cards down.

No immediate exploit was discovered at the time - in fact the general consensus was this particular one would be hard to use in an exploit - but give them enough time, and give them the programming ineptitude of Microsoft, and anything is possible. NewScientist.com (see link below) started getting panicky a month ago.

Do consult the other article for more information, but what in essence has happened is this:

You can now, when using Microsoft Internet Explorer and Microsoft Outlook and Outlook Express, get infected - get your entire computer overtaken by malfeasant criminals - just by visiting any ordinary web site - any web site at all.

The beauty - the evil beauty - is that the exploit code is put in image files - JPEGs. Microsoft's code treats the formatting information incorrectly, an 'underflow' occurs, the exploit code gets to run, your computer is toast.

And all you did was follow a link and surf to a site.

The image does not have to be of any special dimensions either - it can be a 'web bug' - an unnoticed 1 x 1 white pixel - just as easily. All the malfeasant code has to do is doctor and fudge the headers and get the exploit code in there.

You'll be hit and you won't even know it.

The error is in the MSHTML rendering module, and Microsoft do have a fix, so if you're brain damaged (running IE and OE), you'd best stop by and get it now. That is unless you don't mind having your savings account gutted within the next half hour.


MS04-028
http://microsoft.com/technet/security/bulletin/MS04-028.mspx


Poison porn pics show up online
http://news.bbc.co.uk/2/hi/technology/3701640.stm


JPEG Bug Raises Many Questions
http://www.eweek.com/article2/0,1759,1646424,00.asp


JPEG Bug Puts Windows At Critical Risk
http://smallbizpipeline.com/47212176


Software bug raises spectre of 'JPEG of death'
http://www.newscientist.com/news/news.jsp?id=ns99996408

About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.