MSB Buffer Overrun in JPEG Processing

[VenomXt]

http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

Issued: September 14, 2004
Updated: September 21, 2004
Version: 1.2
Summary

Who should read this document: Customers who use any of the affected operating systems, affected software programs, or affected components.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: None

Caveats: If you have installed any of the affected programs or affected components listed in this bulletin, you should install the required security update for each of the affected programs or affected components. This may require the installation of multiple security updates. See the FAQ section of this bulletin for more information.

Tested Software and Security Update Download Locations:

Affected Software:

 

[Xie]

There is a virus in the wild (posted to Usenet yesterday) for this. Also it appears that just because M$ patched there jpeg rendering doesn't mean that your unaffected as other programs that you installed may have there own jpeg renders that are also exploitable. Hopefully some more info will be released on this soon before everyone is effected (or nobody opens any images). Also don't be fooled as it was posted that an attacker can change the file extention to any image file format really (ie. bmp, tif, ect) and Windows will still read it as a .jpeg and render it accordingly.

 

[Electronic Punk]

The MS patch for this was fairly shocking... on an enterprise level.
The GDI tool is automatically pushed out using the SUS server but unless an admin is present to run the scan on every machine of the domain - the user gets an error every time they login!!