[olug] Attack WinXP with a JPEG!
VHP3
vhpascale3 at yahoo.com
Tue Sep 14 22:24:02 UTC 2004
--- Phil Brutsche <phil at brutsche.us> wrote:
> Mike Hostetler wrote:
> > Apparently there is no example exploit yet, but a
> carefully crafted
> > JPEG could compromise an XP machine!
> >
> >
>
http://www.techweb.com/wire/security/showArticle.jhtml?articleID=47205207
> >
> > See, that's why you don't tie your applications so
> tightly to your OS . . .
>
> The level of integration into the OS really doesn't
> matter.
>
> Technically, any system can be compromised by a
> carefully crafted JPEG.
> Imagine a buffer overflow in libpng or libjpeg
> under Linux,
> compromising Mozilla or Firefox run by root...
>
> Laugh (or declare the stupidity of the user) if you
> want, but that is
> *exactly* how most people in the Windows world use
> their computers,
> thanks to defaults from MS. Take admin rights away
> from the user, and
> most of these problems disappear, just like on a
> Linux machine...
>
Building security in from the ground up would make a
whole bunch more disappear.
Vince
=====
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
More information about the OLUG
mailing list