
Re: Possible GDI Exploit Vector



I tried to put a JPEG in my profile pic and in the emotion panel for
testing the same on MSN 6, which is created by the GDI flaw (remote shell
binding code), but MSN 6 complains about the JPEG image.
(The image can't be displayed or resized, Please try again,or select
another image)
That's why I don't think MSN 6 uses GDI to render images in display and in emotions.
But I can send an infected image to people who are not using updated
antivirus/patched by file transfers. This is still dangerous.

Babar Shafiq


On 29 Sep 2004 09:26:19 -0000, james_love@xxxxxxxxxxx
<james_love@xxxxxxxxxxx> wrote:
> 
> 
> Does anyone know if MSN Messenger 6 uses GDI+ to render jpeg images that 
> appear as the profile images you see in MSN 6 Chat windows? If so, this could 
> provide an extremely fast way to propagate a worm using the GDI+ flaw. All 
> you would need to do to start it off is set the crafted image as your profile 
> picture, start conversations with people you know have MSN6 installed, and, 
> if by default they display the other users' profile picture, their machine 
> would process the image and carry out any nasty deeds the image has within it 
> (if the machine's not patched).
> 
> For the worm to propagate, it would need to craft its code into the current 
> user's profile picture, and every time the infected user started a 
> conversation with someone, it would spread as soon as the other user viewed 
> the profile picture within the chat window.
> 
> The speed of spread would be enormous, granted that most people don't have up 
> to date virus scanners/definitions and have not patched their machines. Plus 
> it would be nearly impossible to determine where the virus came from, where 
> it started off.
> 
> All this, of course, is only possible if MSN Messenger 6 does indeed use 
> GDI+. Does it?
> 

-- 
God is a great Programmer