Hi, >> I'm still trying to figure out how a virus can hide in a JPEG? <<
JPEG, TIFF and a few other formats are really "structured" file formats, where a single file contains multiple distinct components, e.g., a "full size" image and a thumbnail image, IPTC and EXIF descriptions, even XML formatted data. So, by design, these formats are intended to have variable amounts of information "piggy-bagged" to the actual picture. I guess someone figured out how to use a buffer overrun to overlay portions of the stack in the application. Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 http://www.HM-Software.com/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rodney Bertsch Sent: Wednesday, September 15, 2004 01:40 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Microsoft GDI+ Security Update Unfortunately this is from Microsoft's main web page, just click on the "Critical Update" in the upper right corner of the page. I'm still trying to figure out how a virus can hide in a JPEG? - Rodney -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, September 15, 2004 11:41 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Microsoft GDI+ Security Update >Does anybody know anything more about this JPEG vulnerability they're >talking about? Every single JPEG (or other graphic format) vulnerability that I have heard of has been a hoax (including the one that McAfee sent out press releases about). One involved hiding information in the graphic (which is relatively easy to do, and has been known for years), and if you already are infected with a virus, you can get new viruses delivered via the graphic. I haven't heard about this one yet, however, if it is a new one. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.