| |
SecurityFocus HOME News: Microsoft warns of poisoned picture peril
by dmv at 9:42 pm EDT, Sep 14, 2004 |
] The old bromide that promises you can't get a computer
] virus by looking at an image file crumbled a bit further
] Tuesday when Microsoft announced a critical vulnerability
] in its software's handling of the ubiquitous JPEG
] graphics format. Microsoft security... making the theoretically implausible possible. |
| |
RE: SecurityFocus HOME News: Microsoft warns of poisoned picture peril
by Decius at 11:35 pm EDT, Sep 14, 2004 |
dmv wrote:
] Microsoft security... making the theoretically implausible
] possible. There is a cellphone that accepts a gif file as its background image.
In a gif file you can set the coordinates for the origin.
If you set them as anything other then 0,0 the phone locks up.
You can send these images as SMS messages.
If you set one of these images to be the background the phone must be wiped and reinstalled by the manufacturer. |
|
| | |
RE: SecurityFocus HOME News: Microsoft warns of poisoned picture peril
by dmv at 2:03 am EDT, Sep 15, 2004 |
Decius wrote:
] You can send these images as SMS messages.
] If you set one of these images to be the background the phone
] must be wiped and reinstalled by the manufacturer. SMS messages have been a vector of attack since they came out; limited resources and all. But this new Microsoft one seems particularly bad, considering the code can be executed by looking at a JPEG on a webpage using the most popular web browser... No clicky-click, just have it rendered. Fortunately, inserting an image into someone's email, or on to webpages isn't easy. |
|
|
|
