Feeds

JPEG exploit toolkit spotted online

DIY buffer overflow assault

  • alert
  • submit to reddit

Using blade systems to cut costs and sharpen efficiencies

A toolkit designed to exploit a recently-disclosed Microsoft JPEG vulnerability has been released onto the net. The toolkit (screen shot from AV firm F-Secure here) makes it trivially easy for maliciously-minded attackers, however unskilled they might be, to exploit unpatched Windows systems and run malicious code.

The attack mechanism used here takes advantage of a recently discovered flaw in the way Microsoft applications process JPEG image files. Malformed JPEG files are capable of triggering a buffer overflow in a common Windows component (the GDI+ image viewing library), it was revealed last week. This behaviour creates a ready mechanism to inject exploit code into vulnerable systems. Windows XP and Windows Server 2003 make use of vulnerable library by default. Other Windows OSes might be vulnerable, depending on what applications users have installed.

Microsoft, which unsurprisingly rates the vulnerability as critical, released a patch to defend against the flaw on 14 September. To be at risk, users have to open a JPEG file modified to trigger the flaw using either IE or Outlook. They also need to be unpatched. Unfortunately there's plenty of scope for both conditions to be met and the gene pool of potential victims is huge.

The problem is exacerbated by the fact JPEG files are typically viewed "as a benign and trusted file format... as such it is possible to cause image files to be viewed with minimal user-interaction through several applications including many email clients such as Outlook and Outlook Express," Security tools vendor ISS notes. "There is also potential for automatic exploitation in the form of a network-propagating worm."

Since the Microsoft's update security firm ScanSafe, which looks for malware in web traffic, has stopped numerous JPEG files identified as containing the exploit.

Users are strongly advised to download and install the latest software patches from Microsoft and to update their anti-virus definitions as soon as possible. If you haven't done it already now would be a very good time. Sysadmins need to include the contents of JPEG files among the types of traffic scanned by network security tools. Several gateway AV scanners, for example, do not inspect image files by default. ®

Related stories

Microsoft warns of poisoned picture peril
Malware by numbers: online virus creation tool spotted
Virus toolkits are s'kiddie menace

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.