Tool to exploit MS vulnerability is discovered

A tool has been created to simplify exploits against a recently announced vulnerability in the way Microsoft software handles JPEG images.

The tool described by iDefense Inc. of Reston, Va., as JPGDown.A, creates a malicious JPEG file that could compromise computers with the MS04-028 vulnerability, which was announced on Sept. 14.

'JPGDown.A significantly increases the likelihood of wide-spread MS04-028 attacks,' said Ken Dunham, iDefense director of malicious code. 'It is likely that Trojans and possibly worms will soon emerge in the wild now that such a tool and exploit code exists in the virus writing underground.'

The vulnerability is a buffer overrun in the processing of JPEG image formats that could let remote code be executed on a compromised machine. The vulnerability affects a wide range of Microsoft products, but does not affect Windows XP upgraded with Service Pack 2.

Additional information about the vulnerability, with links for downloading updates to correct it, is available here.

JPGDown.A has an executable program that creates a JPEG file of about 4,098 bytes that contains malicious code. The code is customized with a URL from which additional code can be downloaded to the exploited computer.

If the malicious file is executed on a vulnerable machine, it will initiate the download of the remote file from the attacker. Depending on the nature of the remote file, it could give the attacker control over the compromised computer.

Because so many programs are affected by the vulnerability, protecting systems against such an exploit could prove difficult, Dunham said.

'As seen with the SQL situation related to Slammer a couple of years ago, system administrators may be surprised to find that some of their computers on a patched network are still vulnerable,' he said.

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected