JPEG / JPG Exploit – Looking at Picture Installs Spyware and Viruses
Many years ago, a rumor emerged that you could get viruses by looking at a picture. Soon this fear will be true. Here is how to test your system.
In 1994, a myth was circulated that users could get a virus by just looking at a picture in your email or on the web.
Soon, that may be true.
Edit: Now, it is true:
A file called GDIPLUS.DLL (which is used in many applications to view .jpg files) can be exploited through a buffer overflow mechanism.
A buffer overflow occurs when a program tries to process more information than it was originally designed. This extra information overflows into other processes. If crafted correctly, this overflow will actually force your system to perform unwanted tasks such as installing spyware, Trojans, or releasing information.
As jpg picture files are so commonly used, there is no doubt that spyware/malware authors will start using this as a way to install their evil on your system. Because this weak file is used by many applications, the only real fix is to allow Microsoft to patch your system.
You can also test your system. Gulftech security just released an example exploit on bugtraq. You can download the test file from here : http://www.gulftech.org/?node=downloads. This example of the exploit will just cause the crash and does not contain an evil code.
Original BUGTRAQ posting:
View more articles by David Kirk
Follow the reactions below and share your own thoughts.