|
|
Exploits out for the MS04-028, urges you to install patch
|
Microsoft has issued "MS04-028" alert regarding a buffer overrun in software it uses to display JPEG images. The GDIPlus.DLL contains an exploitable buffer overflow. An attacker could specially crafted JPEG image that contains exploit and shellcode, then save to a JPEG image file.Attacker would put the JPEG image file to:
- Web site
- Email
- MS Office Document
- P2P
When victim Open then JPEG file,a buffer overflow occurs and allowing an attacker to run arbitrary code on the affected system.
DragonSoft Security Team found the vulnerability could easily be exploited by an attacker, and attacker could easily 1.Plugin Shellcode 2.Create user for back door 3.Write "Worm" programs 4.Write "Trojan Horse" programs.DragonSoft Security Team urges you to download the patch, install it.
Relate Link:
Detection:
examining the JPEG image for the following byte sequence::
0xFF 0xFE 0x00 0x00
OR
0xFF 0xFE 0x00 0x01
Test:
Exploit:
|
About DragonSoft Security Associates, Inc.
DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education. Founded in 2002, DragonSoft offers vulnerability management olutions, including vulnerability assessment, System Security Management and intrusion prevention.
|
Tel. +886-3-5630989 Fax. +886-3-5797758
6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300, R.O.C.
Copyright © DragonSoft Security Associates, Inc. All Rights Reserved
| About | Unsubscribe | Contact |
|
|
