Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability
A proof-of-concept JPEG that triggers this issue and crashes the affected library is available. Solar Designer's proof of concept 'crash-netscape.jpg' is also reported to trigger this vulnerability. An additional proof-of-concept exploit, 'jpegcompoc.zip', has been made available by GulfTech Research. A script that creates a proof-of-concept JPEG, 'ms04-028.sh', is also available. The 'MSjpegExploitByFoToZ.c' exploit, which opens a command shell on the local system, is available. A further exploit, 'jfif-expII.sh', with a functional payload has been published; when executed, the payload adds the user "X" to the Administrators group. The exploit is reportedly successful against various versions of GDI+. A newer exploit, 'JpegOfDeath.c', is available; it is based on the FoToZ exploit but provides a reverse connection for the command shell. CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
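The vulnerability named in the title is an integer underflow on a JPEG marker segment's 2-byte length field: the field counts its own two bytes, so a value of 0 or 1 underflows any parser that computes "length - 2" in an unsigned type. The following scanner is an added example for defenders (not code from the advisory or from any of the exploits it lists); it walks the marker segments of a file and flags a length field below 2, using constructed sample bytes rather than any of the named proof-of-concept files.

```python
import struct

# Constructed samples (not from the advisory): SOI, an APP0 segment whose
# length field is 1 (below the 2-byte minimum), then EOI; and a well-formed
# counterpart with a 4-byte APP0 segment.
MALFORMED_JPEG = bytes.fromhex("FFD8" "FFE0" "0001" "FFD9")
WELLFORMED_JPEG = bytes.fromhex("FFD8" "FFE0" "0004" "0000" "FFD9")

# Markers that carry no length field: SOI, EOI, TEM and RST0..RST7.
STANDALONE = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))


def scan_segments(data: bytes):
    """Walk JPEG marker segments and return (offset, marker, length, reason)
    findings. A length below 2 is the underflow trigger; a length running
    past the end of the file is reported as well."""
    findings = []
    i, n = 0, len(data)
    while i + 1 < n:
        if data[i] != 0xFF:
            i += 1  # padding or entropy-coded data, keep scanning
            continue
        marker = data[i + 1]
        if marker == 0xFF:  # fill byte before a marker
            i += 1
            continue
        if marker in STANDALONE:
            if marker == 0xD9:  # EOI
                break
            i += 2
            continue
        if i + 4 > n:
            findings.append((i, marker, None, "truncated length field"))
            break
        (length,) = struct.unpack(">H", data[i + 2:i + 4])
        if length < 2:
            findings.append((i, marker, length,
                             "segment length below 2 (underflow trigger)"))
            break
        if i + 2 + length > n:
            findings.append((i, marker, length, "segment length exceeds file"))
            break
        if marker == 0xDA:  # SOS: entropy-coded data follows, stop here
            break
        i += 2 + length
    return findings


def is_suspicious(data: bytes) -> bool:
    """True when any segment carries the underflow-triggering length."""
    return any(f[3].startswith("segment length below 2")
               for f in scan_segments(data))
```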