Thanks Cryo ... It's very important to test your PC and I give you an A+ for alerting our forum members
... I've got more details on the ISC tool in my blog and suggest that everyone run a copy of this and look for items flagged in RED
Internet Storm Center GDI+ Scan tool
I'd recommend that everyone run the GDIplus Scanner offered by ISC as noted above ... It's a neat and fast tool to detect vulnerabilities (just double-click after a 6KB download and they show up in the color red). It ain't a matter of IF but WHEN we'll see DANGEROUS JPEGs floating around in email and on hostile web sites
A new toolkit designed to create malformed and potentially dangerous JPEGs has been released to the public.
MS04-028 - JPEG Exploit Toolkit released to public
http://isc.sans.org//diary.php?date=2004-09-25
A toolkit designed to exploit a recently-disclosed Microsoft JPEG vulnerability has been released. The security hole compromises the system and creates a buffer overflow condition. This could potentially allow an attacker to create a JPEG file. The JPEG file would then take over control of a victim's machine when the user views it through Internet Explorer, Outlook, Word, and other programs. http://www.theregister.co.uk/2004/09/24/jp...xploit_toolkit/
For a complete list of Operating Systems and Application Programs potentially affected by this see Microsoft's information at: http://www.microsoft.com/security/bulletins/200409_jpeg.mspx
A group of Handlers have been "playing" with the toolkit. So far it hasn't worked too well. However, as with all of these, they have a tendency to get better real fast. Therefore apply the patches on both the Operating Systems and Application Programs as recommended by Microsoft.
The 3 major anti-virus companies have now released definition files that will detect the JPEG exploits.
Symantec - Hacktool.JPEGDownload http://securityresponse.symantec.com/avcen...egdownload.html
McAfee - Exploit-MS04-028 http://us.mcafee.com/virusInfo/default.asp...&virus_k=128461
Trend Micro - HKTL_JPGDOWN.A http://www.trendmicro.com/vinfo/virusencyc...=HKTL_JPGDOWN.A
Edited by harrywaldron, 25 September 2004 - 06:06 AM.