Nick: AntScardi Subject: for the administrators Date: 13/5/2005 21.49.15 Views: 116
Guys, while I was browsing the forum I received an attack from ircnapoli: here is the Sygate report:

[217] Microsoft Multiple Application/OS GDI+ JPEG Processing Buffer Overflow Vulnerability attempt detected (CAN-2004-0200) From: 69.44.152.112 Protocol: TCP Direction: Incoming Severity: Major etc...

The attack I received is the JPEG of Death. It means that someone is posting corrupted JPEG images on the forum to get arbitrary code executed. Here are the details:

Microsoft Multiple Application/OS GDI+ JPEG Processing Buffer Overflow Vulnerability: A remotely exploitable buffer overflow vulnerability in Microsoft Corp.'s GDI+ .jpg image file handling component allows an attacker to execute arbitrary code. The vulnerability specifically occurs in the handling of .jpg comment sections, which allow comment data to be embedded into a .jpg file (such as data indicating when the image was created). Comment sections begin with "0xFFFE," which is followed by a 16-bit, unsigned integer that gives the total length of the comment plus the 16 bits needed for the length identifier. This allows up to 65,533 bytes of data to be embedded into the .jpg file. Conversely, the minimum length of the comment field is two bytes, as the length identifier must be included. If a comment length of 0 or 1 is indicated, a heap overflow occurs when the GDI+ normalizes the comment length to check its value. A starting length of 0 becomes -2 after normalization, and this value is converted to "0xFFFFFFFE" (2^32-1), which is then passed to a memcpy function that attempts to copy just less than 4GB to heap memory. This copy causes problems, leaving the heap management structures in an inconsistent state with EAX and EDX ultimately controllable by an attacker.
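An added example, not part of the original post and not GDI+ or Sygate code: a check a forum's upload filter could run to reject JPEGs whose comment (0xFFFE) segment declares a length of 0 or 1, the condition described in the advisory above. The function name, return codes and sample byte arrays are assumptions made up for this sketch, and it inspects header segments only, stopping at the first SOS or EOI marker.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { JPEG_OK, JPEG_BAD_COM_LEN, JPEG_MALFORMED };

/* Walk the header segments of a JPEG and reject any declared length below 2
 * BEFORE it is used in arithmetic. In the flaw quoted above, (length - 2) is
 * computed first, so 0 becomes 0xFFFFFFFE and is handed to memcpy as a size. */
int check_jpeg_segments(const uint8_t *buf, size_t n, size_t *bad_off)
{
    if (n < 4 || buf[0] != 0xFF || buf[1] != 0xD8)    /* must start with SOI */
        return JPEG_MALFORMED;
    size_t i = 2;
    while (i + 1 < n) {
        if (buf[i] != 0xFF) return JPEG_MALFORMED;
        uint8_t m = buf[i + 1];
        if (m == 0xFF) { i++; continue; }             /* fill byte before marker */
        if (m == 0xD9 || m == 0xDA) return JPEG_OK;   /* EOI or SOS: headers done */
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD7)) {  /* markers with no length */
            i += 2;
            continue;
        }
        if (i + 3 >= n) return JPEG_MALFORMED;        /* length field truncated */
        uint16_t len = (uint16_t)((buf[i + 2] << 8) | buf[i + 3]);
        if (len < 2) {                                /* cannot cover its own field */
            if (bad_off) *bad_off = i;
            return m == 0xFE ? JPEG_BAD_COM_LEN : JPEG_MALFORMED;
        }
        if (len > n - (i + 2)) return JPEG_MALFORMED; /* segment runs past buffer */
        i += 2 + (size_t)len;                         /* payload is len - 2 bytes */
    }
    return JPEG_MALFORMED;                            /* no EOI/SOS found */
}

/* Constructed samples, not taken from any real file. */
static const uint8_t SAMPLE_GOOD[] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x04,'h','i', 0xFF,0xD9};
static const uint8_t SAMPLE_MIN[]  = {0xFF,0xD8, 0xFF,0xFE,0x00,0x02, 0xFF,0xD9};
static const uint8_t SAMPLE_LEN0[] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x00, 0xFF,0xD9};
static const uint8_t SAMPLE_LEN1[] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x01, 0xFF,0xD9};

int main(void)
{
    printf("good=%d min=%d len0=%d len1=%d\n",
           check_jpeg_segments(SAMPLE_GOOD, sizeof SAMPLE_GOOD, NULL),
           check_jpeg_segments(SAMPLE_MIN,  sizeof SAMPLE_MIN,  NULL),
           check_jpeg_segments(SAMPLE_LEN0, sizeof SAMPLE_LEN0, NULL),
           check_jpeg_segments(SAMPLE_LEN1, sizeof SAMPLE_LEN1, NULL));
    return 0;
}
```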