Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


MS04-028: F-Secure's Updated information on GDI+

  • Please log in to reply
No replies to this topic

#1 harrywaldron


    Security Reporter

  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:06:52 AM

Posted 06 October 2004 - 08:20 AM

F-Secure which provides excellent AV products shares a good update on the gdiplus.dll vulnerabilities associated with malformed JPEGs. Their daily weblog is excellent (a must read for me every day) and today's entry is especially informative.

F-Secure: Updated information on GDI+ JPG vulnerabilities

Renewed notice on the GDI+ JPG vulnerability - (Oct 5th)

We've posted another notice on the JPG vulnerability, trying to get people to patch before it's too late.


Couple of notices on this vulnerability:

- Filtering files with .JPG extension won't protect you much. Bad JPGs can be renamed to .BMP or even .ICO and they still work fine

- To update Word, Excel and other Office tools, most users need to visit officeupdate.microsoft.com - but keep your Office installation CD handy!

- In some cases, Internet Explorer will run into the vulnerability before it has saved the offending JPG file to the IE cache folder - which means most workstation antivirus products won't have a chance to scan it before it's too late. Gateway-based antivirus scanners (like F-Secure Internet Gatekeeper) take care of this problem

- However, exploiting Internet Explorer with this vulnerability seems to be particularily hard. Exploiting Windows XP's EXPLORER.EXE while viewing local JPG files is much easier and several toolkits to create JPGs like this exist. This reduces the likelyhood of appereance of a massmailer worm using this vulnerability

- Finally, if you scan JPGs with this exploit embedded in them, F-Secure Anti-virus will detect them

For more, see our description.


BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users