Full Version: GDI Scanner Released
   
Daisuke
Severity Rating: Critical

MS has released a patch:
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

Non-Microsoft products are also vulnerable.

SANS Institute has released a scanner:
GDI Scan

Update ASAP the vulnerable products and your AV.
harrywaldron
Thanks Cryo ... It's very important to test your PC and I give you an A+ for alerting our forum members ... I've got more details on the ISC tool in my blog and suggest that everyone run a copy of this and look for items flagged in RED

Internet Storm Center GDI+ Scan tool

I'd recommend that everyone run the GDIplus Scanner offered by ISC as noted above ... It's a neat and fast tool to detect vulnerabilities (just double-click after a 6KB download and they show up in the color red). It ain't a matter of IF but WHEN we'll see DANGEROUS JPEGs floating around in email and on hostile web sites

A new toolkit designed to create malformed and potentially dangerous JPEGs has been released to the public.

MS04-028 - JPEG Exploit Toolkit released to public
http://isc.sans.org//diary.php?date=2004-09-25

A toolkit designed to exploit a recently-disclosed Microsoft JPEG vulnerability has been released. The security hole compromises the system and creates a buffer overflow condition. This could potentially allow an attacker to create a JPEG file. The JPEG file would then take control of a victim's machine when the user views it through Internet Explorer, Outlook, Word, and other programs.

http://www.theregister.co.uk/2004/09/24/jp...xploit_toolkit/

For a complete list of Operating Systems and Application Programs potentially affected by this, see Microsoft's information at:

http://www.microsoft.com/security/bulletins/200409_jpeg.mspx

A group of Handlers have been "playing" with the toolkit. So far it hasn't worked too well. However, as with all of these, they have a tendency to get better real fast. Therefore apply the patches on both the Operating Systems and Application Programs as recommended by Microsoft.

JPEG Hacktool

The 3 major anti-virus companies have now released definition files that will detect the JPEG exploits.

Symantec - Hacktool.JPEGDownload http://securityresponse.symantec.com/avcen...egdownload.html

McAfee - Exploit-MS04-028 http://us.mcafee.com/virusInfo/default.asp...&virus_k=128461

Trend Micro - HKTL_JPGDOWN.A http://www.trendmicro.com/vinfo/virusencyc...=HKTL_JPGDOWN.A
Daisuke
QUOTE(harrywaldron @ Sep 25 2004, 07:00 AM)
Thanks Cryo ... It's very important to test your PC and I give you an A+ for alerting our forum members

Thanks Harry, I'm flattered.

Is there a reason why I shouldn't replace vulnerable files in non-Microsoft products with non-vulnerable files from Microsoft products?

I have replaced gdiplus.dll (vulnerable) in ConceptDraw V with a new one (updated) found in the Office folder. ConceptDraw V seems to work fine with this new file.
harrywaldron
3rd party vendors that redistribute GDI+ dlls should provide an updated version. Substitution might also work okay for 3rd party products. When an updated version comes out for the 3rd party software, then you can patch up further.

MS doesn't recommend this for Office as it will get GDI+ registration out-of-sync with the Windows registry affecting future Office Updates.
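
The thread turns on applications that ship their own copy of gdiplus.dll. The Python script below is an added example, not part of the original posts and not the ISC tool: it inventories every gdiplus.dll under a directory and compares each against a reference copy you already know is patched. The function names and the hash-comparison approach are assumptions made for illustration.

```python
"""Inventory gdiplus.dll copies and compare each against a reference copy."""
import hashlib
import os
import sys


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_copies(root, name="gdiplus.dll"):
    """Yield every file under root whose name matches, case-insensitively."""
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() == name:
                yield os.path.join(dirpath, fname)


def audit(root, reference):
    """Return (matching, differing, unreadable) lists of paths.

    'differing' means "not the reference build, review it", not "vulnerable":
    another patched build would also hash differently.
    """
    ref_hash = sha256_of(reference)
    ref_real = os.path.realpath(reference)
    matching, differing, unreadable = [], [], []
    for path in find_copies(root):
        if os.path.realpath(path) == ref_real:
            continue  # skip the reference copy itself
        try:
            same = sha256_of(path) == ref_hash
        except OSError:
            unreadable.append(path)  # locked or access denied: check by hand
            continue
        (matching if same else differing).append(path)
    return sorted(matching), sorted(differing), sorted(unreadable)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit_gdiplus.py <root-dir> <reference-gdiplus.dll>")
    ok, review, failed = audit(sys.argv[1], sys.argv[2])
    for label, paths in (("MATCH", ok), ("REVIEW", review), ("UNREADABLE", failed)):
        for p in paths:
            print(f"{label:10} {p}")
```

Paths listed under REVIEW are the per-application copies to check against the vendor's update.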