.JPG redux

• Previous message: .JPG redux
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting Strata R. Chalup (strata at virtual.net):

> I thought it was a file extension trick.  Nope, it's a buffer overflow 
> in the JPEG decompression code.

...which runs privileged, being built into Microsoft's GDI code that it
has chosen to execute in ring zero starting with NT 4.0.   Why bother
making it necessary to do privilege escalation when you can compromise
the entire machine in one easy step from the _rendering engine_?

You'll notice that Microsoft's security advisory and "FAQ" _still_ say
nothing at all about how the exploit works.

-- 
Cheers,
Rick Moen                                        This space for rant.
rick at linuxmafia.com

• Previous message: .JPG redux
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]