Sunday, December 22, 2024
HomeWindowsJPEG / JPG Exploit - Looking at Picture Installs Spyware and Viruses

JPEG / JPG Exploit – Looking at Picture Installs Spyware and Viruses

Many years ago, a rumor emerged that you could get viruses by looking at a picture. Soon this fear will be true. Here is how to test your system.


In 1994, a myth was circulated that users could get a virus by just looking at a picture in your email or on the web.

Soon, that may be true.

Edit: Now, it is true:
http://www.easynews.com/virus.html

A file called GDIPLUS.DLL (which is used in many applications to view .jpg files) can be exploited through a buffer overflow mechanism.

A buffer overflow occurs when a program tries to process more information than it was originally designed. This extra information overflows into other processes. If crafted correctly, this overflow will actually force your system to perform unwanted tasks such as installing spyware, Trojans, or releasing information.

As jpg picture files are so commonly used, there is no doubt that spyware/malware authors will start using this as a way to install their evil on your system. Because this weak file is used by many applications, the only real fix is to allow Microsoft to patch your system.

You can also test your system. Gulftech security just released an example exploit on bugtraq. You can download the test file from here : http://www.gulftech.org/?node=downloads. This example of the exploit will just cause the crash and does not contain an evil code.

Original BUGTRAQ posting:
http://www.securityfocus.com/archive/1/375204/2004-09-08/2004-09-14/2

David Kirk
David Kirk
David Kirk is one of the original founders of tech-recipes and is currently serving as editor-in-chief. Not only has he been crafting tutorials for over ten years, but in his other life he also enjoys taking care of critically ill patients as an ICU physician.
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

LATEST REVIEWS

Recent Comments

error: Content is protected !!