[olug] Attack WinXP with a JPEG!

VHP3 vhpascale3 at yahoo.com
Tue Sep 14 22:24:02 UTC 2004


--- Phil Brutsche <phil at brutsche.us> wrote:

> Mike Hostetler wrote:
> > Apparently there is no example exploit yet, but a
> carefully crafted
> > JPEG could compromise an XP machine!
> > 
> >
>
http://www.techweb.com/wire/security/showArticle.jhtml?articleID=47205207
> > 
> > See, that's why you don't tie your applications so
> tightly to your OS . . .
> 
> The level of integration into the OS really doesn't
> matter.
> 
> Technically, any system can be compromised by a
> carefully crafted JPEG.
>  Imagine a buffer overflow in libpng or libjpeg
> under Linux,
> compromising Mozilla or Firefox run by root...
> 
> Laugh (or declare the stupidity of the user) if you
> want, but that is
> *exactly* how most people in the Windows world use
> their computers,
> thanks to defaults from MS.  Take admin rights away
> from the user, and
> most of these problems disappear, just like on a
> Linux machine...
> 

Building security in from the ground up would make a
whole bunch more disappear.

Vince

=====
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."   -- Benjamin Franklin


		
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com



More information about the OLUG mailing list