[olug] Attack WinXP with a JPEG!

Phil Brutsche phil at brutsche.us
Tue Sep 14 21:18:04 UTC 2004


Mike Hostetler wrote:
> Apparently there is no example exploit yet, but a carefully crafted
> JPEG could compromise an XP machine!
> 
> http://www.techweb.com/wire/security/showArticle.jhtml?articleID=47205207
> 
> See, that's why you don't tie your applications so tightly to your OS . . .

The level of integration into the OS really doesn't matter.

Technically, any system can be compromised by a carefully crafted JPEG.
 Imagine a buffer overflow in libpng or libjpeg under Linux,
compromising Mozilla or Firefox run by root...

Laugh (or declare the stupidity of the user) if you want, but that is
*exactly* how most people in the Windows world use their computers,
thanks to defaults from MS.  Take admin rights away from the user, and
most of these problems disappear, just like on a Linux machine...

-- 

Phil Brutsche
phil at brutsche.us



More information about the OLUG mailing list