Tool to exploit MS vulnerability is discovered

A tool has been created to simplify exploits against a recently announced vulnerability in the way Microsoft software handles JPEG images.

The tool, described by iDefense Inc. of Reston, Va., as JPGDown.A, creates a malicious JPEG file that could compromise computers with the MS04-028 vulnerability, which was announced on Sept. 14.

'JPGDown.A significantly increases the likelihood of widespread MS04-028 attacks,' said Ken Dunham, iDefense director of malicious code. 'It is likely that Trojans and possibly worms will soon emerge in the wild now that such a tool and exploit code exists in the virus writing underground.'

The vulnerability is a buffer overrun in the processing of JPEG image formats that could let remote code be executed on a compromised machine. The vulnerability affects a wide range of Microsoft products, but does not affect Windows XP upgraded with Service Pack 2.

Additional information about the vulnerability, with links for downloading updates to correct it, is available here.

JPGDown.A has an executable program that creates a JPEG file of about 4,098 bytes that contains malicious code. The code is customized with a URL from which additional code can be downloaded to the exploited computer.

If the malicious file is executed on a vulnerable machine, it will initiate the download of the remote file from the attacker. Depending on the nature of the remote file, it could give the attacker control over the compromised computer.

Because so many programs are affected by the vulnerability, protecting systems against such an exploit could prove difficult, Dunham said.

'As seen with the SQL situation related to Slammer a couple of years ago, system administrators may be surprised to find that some of their computers on a patched network are still vulnerable,' he said.

About the Author

William Jackson is a Maryland-based freelance writer.

