Exploit Code Appears for MS Graphics Flaw | eWeek

Exploit Code Appears for MS Graphics Flaw

Écrit par
Michael Myser
Michael Myser
Sep 23, 2004
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Just a week after Microsoft released a patch to plug a security flaw in the way at least 13 of its programs handle the JPEG imaging format, code appeared on the Internet on Wednesday showing how to exploit those holes. Though this exploit code alone is not a threat, it will likely be a jumping-off point for the next round of PC attacks.

“Other people are probably already working on tweaking that code,” said Craig Schmugar, virus research manager at security firm McAfee Inc., based in Santa Clara, Calif. The proof-of-concept code demonstrates the ability to execute commands through the JPEG exploit and, if altered, could allow infected PCs to be controlled by attackers.

“The teeth were taken out of [the sample code],” said Dave Hawkins, technical support engineer at Mahwah, N.J.-based Radware, which specializes in application security and availability. “But its a rather trivial matter to modify that and make it pretty nasty.” Other hackers could tack on existing worm code or a back door for controlling PCs remotely, he said.

“By the weekend, well likely see a remote-access Trojan thats exploiting this code,” Schmugar said. “Its the next logical extension.”

Microsoft Corp. announced a patch (bulletin MS04-028) on Sept. 14 to protect users from the exploit. Because so many applications share the flaw, users likely must complete both a Microsoft Windows update as well as an Office update to cover Microsoft programs. The company is also providing a tool for users to scan their computers in order to determine what third-party software components could be vulnerable.

A Microsoft spokeswoman said customers who have deployed the patch are not at risk from the exploit code, and McAfees Schmugar said it will go a long way toward protecting the most common applications such as Internet Explorer, which are also the most likely to be attacked.

/zimages/5/28571.gifClick herefor more on the Microsoft graphics bug.

This isnt the first case of security flaws related to imaging software. Earlier this year, a vulnerability was found in how Internet Explorer 5.0 handles the bitmap format, which was never exploited. And according to Hawkins, in 2000 a flaw was found in Netscapes handling of JPEG images, which is similar to the latest iteration. But industry observers say the results could be more serious this time around.

“If you take the pervasiveness of Microsoft, with a vulnerability of something people traditionally trust like a JPEG, its totally ripe to become the next mass-mailing worm,” Hawkins said. He said hes also wary because he thinks the “black hats” are excited to release the next big worm.

“Its significant in the fact that over time, weve seen when similar proof-of-concept code is posted, its usually a short time later that we see a real threat open up,” Schmugar said. He also noted that McAfee updated its security software about a week ago to detect the code released Wednesday, in addition to other malicious JPEG files.

The Microsoft spokeswoman said the company is urging its customers to immediately install the MS04-028 update and download the most current updates from Windows Update. In addition, she said enterprise customers still evaluating and testing the patch should follow the workaround steps detailed in the update.

/zimages/5/28571.gifCheck out eWEEK.coms Windows Center at http://windows.eweek.com for Microsoft and Windows news, views and analysis.

/zimages/5/77042.gif

Be sure to add our eWEEK.com Windows news feed to your RSS newsreader or My Yahoo page

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.