Jpeg overflow, part the second.
Sep. 24th, 2004 12:48 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
saint_monkeyIn an earlier entry, I mentioned a Microsoft security announcement concerning an overflow while processing Jpeg images. Virii exploiting this did not exist, because Microsoft kept the exploit secret until they had created a patch for it. Since most people that write virii write them to exploit known security holes, I figured that the virii writers would start that day. To give you an idea of how quickly this can be accomplished, a security company published "Proof of concept" code on the 21st in the form of a zipped image (jpegcompoc) that causes an overflow and crash.
This takes us one step closer to an actual virus, since script kiddies can now crack and piggyback off of this proof of concept code to craft a virus.
This takes us one step closer to an actual virus, since script kiddies can now crack and piggyback off of this proof of concept code to craft a virus.
