[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] GDIPLUS VULN - MS04-028 - CRASH TEST JPEG
- To: "Elia Florio" <eflorio@xxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] GDIPLUS VULN - MS04-028 - CRASH TEST JPEG
- From: "Cassidy Macfarlane" <cmacfarlane@xxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 15 Sep 2004 16:22:44 +0100
I found this almost exactly two years ago.
http://www.securityfocus.com/archive/82/290856
I did not put much dev effort into it at the time, but it has been
around for a while......
I'm just glad they sneaked the patch into SP2.
I remember thinking at the time - 'hrm, if I wrote some shellcode to
overwrite system mem, then I could have a .jpg that could TAKE OVER THE
WORLD'
I'm regretting not putting my full efforts in to this...can you tell?
-----Original Message-----
From: Elia Florio [mailto:eflorio@xxxxxxxxxxx]
Sent: 15 September 2004 14:15
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] GDIPLUS VULN - MS04-028 - CRASH TEST JPEG
Hi list,
this is the JPEG able to reproduce the crash
reported in the bullettin MS04-028.
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
Look at FFFE0001 or FFFE0000 signature
in the JFIF header.
Tested on Windows XP Prof SP1 [gdiplus.dll ver 5.1.3097.0]
[eflorio]
________________________________________________
Messaggio inviato da Edizioni Master Webmail
http://mbox.edmaster.it
_______________________________________________ Full-Disclosure - We
believe in it. Charter:
http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html