I found this almost exactly two years ago. http://www.securityfocus.com/archive/82/290856
I did not put much dev effort into it at the time, but it has been around for a while...... I'm just glad they sneaked the patch into SP2. I remember thinking at the time - 'hrm, if I wrote some shellcode to overwrite system mem, then I could have a .jpg that could TAKE OVER THE WORLD'

I'm regretting not putting my full efforts into this... can you tell?

-----Original Message-----
From: Elia Florio [mailto:[EMAIL PROTECTED]]
Sent: 15 September 2004 14:15
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] GDIPLUS VULN - MS04-028 - CRASH TEST JPEG

Hi list,
this is the JPEG able to reproduce the crash reported in the bulletin MS04-028.
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

Look at the FFFE0001 or FFFE0000 signature in the JFIF header.

Tested on Windows XP Prof SP1 [gdiplus.dll ver 5.1.3097.0]

[eflorio]

________________________________________________
Message sent from Edizioni Master Webmail
http://mbox.edmaster.it

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
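
An added example, not part of either message in this thread: a JPEG marker-segment scanner that flags the FFFE0001 / FFFE0000 pattern Elia points at. FFFE is the JPEG COM (comment) marker and the two bytes after it are the segment length, which by the JPEG spec counts its own two bytes, so any value below 2 is invalid; a decoder that trusts it and computes length-2 as the payload size underflows to a huge number. The sample headers are constructed inline (SOI, a JFIF APP0, one COM segment, EOI, no image data); no file from the thread is used, and nothing here reproduces the gdiplus.dll internals.

```python
"""Scan JPEG marker segments for a COM length below 2 (the MS04-028 signature).

Added example, not from the original posts. It assumes only the standard
JPEG marker layout: every non-standalone marker is followed by a 16-bit
big-endian length that includes its own two bytes.
"""
import struct

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
# Markers that carry no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))


def scan_segments(data):
    """Walk the header segments up to SOS or EOI.

    Returns (segments, findings): segments is a list of
    (offset, marker, length) tuples, findings a list of problem strings.
    Scanning stops at the first bad length because the offset of the
    next segment can no longer be trusted after it.
    """
    segments, findings = [], []
    if data[:2] != b"\xFF\xD8":
        findings.append("missing SOI at offset 0")
        return segments, findings
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            findings.append(f"expected marker prefix 0xFF at offset {pos}")
            break
        # Any number of 0xFF fill bytes may precede the marker code.
        while pos + 1 < len(data) and data[pos + 1] == 0xFF:
            pos += 1
        if pos + 1 >= len(data):
            break
        marker = data[pos + 1]
        if marker in STANDALONE:
            segments.append((pos, marker, 0))
            pos += 2
            if marker == EOI:
                break
            continue
        if pos + 4 > len(data):
            findings.append(f"truncated length field for 0x{marker:02X} at offset {pos}")
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        segments.append((pos, marker, length))
        if length < 2:
            name = "COM" if marker == COM else f"0x{marker:02X}"
            findings.append(
                f"{name} segment at offset {pos} declares length {length} (< 2); "
                f"a decoder using length-2 as the payload size underflows")
            break
        if pos + 2 + length > len(data):
            findings.append(f"segment 0x{marker:02X} at offset {pos} runs past end of file")
            break
        pos += 2 + length
        if marker == SOS:
            break  # entropy-coded data follows; the header scan is done
    return segments, findings


def has_bad_com_length(data):
    """True if any COM (0xFFFE) segment declares a length below 2."""
    segments, _ = scan_segments(data)
    return any(m == COM and ln < 2 for _, m, ln in segments)


def build_jpeg_header(com_length=None, comment=b"ok"):
    """Constructed sample: SOI, a JFIF APP0, one COM segment, EOI. No image data."""
    app0_payload = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"  # 14 bytes
    app0 = b"\xFF\xE0" + struct.pack(">H", 2 + len(app0_payload)) + app0_payload
    if com_length is None:
        com_length = 2 + len(comment)  # correct: length counts itself
    com = b"\xFF\xFE" + struct.pack(">H", com_length) + comment
    return b"\xFF\xD8" + app0 + com + b"\xFF\xD9"


GOOD = build_jpeg_header()                 # FF FE 00 04 'o' 'k'
BAD_0001 = build_jpeg_header(com_length=1)  # FF FE 00 01 ...
BAD_0000 = build_jpeg_header(com_length=0)  # FF FE 00 00 ...

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("FFFE0001", BAD_0001), ("FFFE0000", BAD_0000)):
        segs, problems = scan_segments(sample)
        print(label, [(off, hex(m), ln) for off, m, ln in segs], problems)
```

Stopping at SOS is deliberate: the signature lives in the header segments, and walking entropy-coded data would need a different parser. The scan also stops at the first bad length rather than advancing by it, since a length of 0 or 1 would otherwise leave the cursor inside the current marker.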
