[olug] Attack WinXP with a JPEG!

David Walker olug at grax.com
Wed Sep 15 00:05:44 UTC 2004


I agree that not running as root does provide a lot of security benefits, but I 
believe a libpng-based virus running as a normal user could still cause 
immense havoc.

A normal user could:
	Open an outgoing connection 
	Provide a listening shell
	Use any locally available root exploits to obtain root
	Become a spam drone
	Become a denial of service drone
	Serve as an anonymous relay

They would have difficulty hiding their efforts from the root user but simply 
naming the process to something that seems innocuous would get them a good 
distance.  

I think we are just lucky that no one has created a libpng-based virus.

On Tuesday 14 September 2004 04:18 pm, Phil Brutsche wrote:
> Mike Hostetler wrote:
> > Apparently there is no example exploit yet, but a carefully crafted
> > JPEG could compromise an XP machine!
> >
> > http://www.techweb.com/wire/security/showArticle.jhtml?articleID=47205207
> >
> > See, that's why you don't tie your applications so tightly to your OS . . .
>
> The level of integration into the OS really doesn't matter.
>
> Technically, any system can be compromised by a carefully crafted JPEG.
>  Imagine a buffer overflow in libpng or libjpeg under Linux,
> compromising Mozilla or Firefox run by root...
>
> Laugh (or declare the stupidity of the user) if you want, but that is
> *exactly* how most people in the Windows world use their computers,
> thanks to defaults from MS.  Take admin rights away from the user, and
> most of these problems disappear, just like on a Linux machine...


