.JPG redux
Rick Moen
rick at linuxmafia.com
Thu Sep 30 08:19:16 PDT 2004
Quoting Strata R. Chalup (strata at virtual.net):
> I thought it was a file extension trick. Nope, it's a buffer overflow
> in the JPEG decompression code.
...which runs privileged, being built into Microsoft's GDI code that it
has chosen to execute in ring zero starting with NT 4.0. Why bother
making it necessary to do privilege escalation when you can compromise
the entire machine in one easy step from the _rendering engine_?
You'll notice that Microsoft's security advisory and "FAQ" _still_ say
nothing at all about how the exploit works.
--
Cheers,
Rick Moen This space for rant.
rick at linuxmafia.com
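The message above identifies the bug class (a buffer overflow in JPEG decompression) without describing the mechanism. The following is an added illustration, not code from the thread and not Microsoft's GDI/GDI+ code, of the generic way a JPEG marker-segment parser can overflow: every segment after SOI carries a 16-bit big-endian length that counts the two length bytes themselves, so a decoder that computes `payload = len - 2` without first checking `len >= 2` turns a length of 0 or 1 into an enormous copy size. Nothing here is claimed to match the actual vulnerable code; the segment walker, the function names and the two sample files (`GOOD_JPEG`, `BAD_JPEG`) are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed sample: SOI, a COM segment (0xFFFE) with length 4 = 2 length
 * bytes + "hi", then EOI.  Minimal, but structurally a valid marker stream. */
static const uint8_t GOOD_JPEG[] = {
    0xFF, 0xD8,                     /* SOI */
    0xFF, 0xFE, 0x00, 0x04, 'h', 'i', /* COM, len=4 */
    0xFF, 0xD9                      /* EOI */
};
static const size_t GOOD_JPEG_LEN = sizeof GOOD_JPEG;

/* Constructed sample: same layout but the COM length field is 0, which is
 * below the 2-byte minimum the field must account for. */
static const uint8_t BAD_JPEG[] = {
    0xFF, 0xD8,
    0xFF, 0xFE, 0x00, 0x00,         /* COM, len=0: malformed */
    0xFF, 0xD9
};
static const size_t BAD_JPEG_LEN = sizeof BAD_JPEG;

/* The unchecked computation: how many payload bytes a naive decoder would
 * copy for the segment whose 0xFF marker byte sits at buf[pos].  With len
 * < 2 the unsigned subtraction wraps and the result dwarfs the file. */
static size_t naive_payload_len(const uint8_t *buf, size_t n, size_t pos) {
    if (pos + 4 > n) return 0;
    unsigned len = ((unsigned)buf[pos + 2] << 8) | buf[pos + 3];
    return (size_t)(len - 2);       /* underflows when len is 0 or 1 */
}

/* Hardened form: copy one segment's payload into out[cap].  Returns the
 * payload length, or -1 if the segment is malformed or would not fit. */
static long checked_copy_segment(const uint8_t *buf, size_t n, size_t pos,
                                 uint8_t *out, size_t cap) {
    if (pos + 4 > n || buf[pos] != 0xFF) return -1;
    unsigned len = ((unsigned)buf[pos + 2] << 8) | buf[pos + 3];
    if (len < 2) return -1;                  /* length must cover itself */
    size_t payload = len - 2;
    if (payload > n - (pos + 4)) return -1;  /* must lie inside the file */
    if (payload > cap) return -1;            /* must fit the destination */
    memcpy(out, buf + pos + 4, payload);
    return (long)payload;
}

/* Walk the marker segments from SOI to EOI (or SOS, where entropy-coded
 * data starts and the simple length-prefixed framing ends).  Returns the
 * number of markers seen, or -1 on any framing error.  Every length is
 * validated before it is used to advance, so a hostile length can neither
 * wrap the cursor nor push it past the end of the buffer. */
static int count_segments(const uint8_t *buf, size_t n) {
    if (n < 2 || buf[0] != 0xFF || buf[1] != 0xD8) return -1; /* need SOI */
    size_t pos = 2;
    int count = 1;
    while (pos + 2 <= n) {
        if (buf[pos] != 0xFF) return -1;
        uint8_t marker = buf[pos + 1];
        if (marker == 0xD9 || marker == 0xDA) return count + 1; /* EOI/SOS */
        if (pos + 4 > n) return -1;
        unsigned len = ((unsigned)buf[pos + 2] << 8) | buf[pos + 3];
        if (len < 2 || len > n - (pos + 2)) return -1;
        pos += 2 + len;                      /* marker + length-prefixed body */
        count++;
    }
    return -1;                               /* ran off the end without EOI */
}

int main(void) {
    uint8_t out[16];
    printf("good: %d segments, naive COM payload %zu, checked copy %ld\n",
           count_segments(GOOD_JPEG, GOOD_JPEG_LEN),
           naive_payload_len(GOOD_JPEG, GOOD_JPEG_LEN, 2),
           checked_copy_segment(GOOD_JPEG, GOOD_JPEG_LEN, 2, out, sizeof out));
    printf("bad:  %d segments, naive COM payload %zu, checked copy %ld\n",
           count_segments(BAD_JPEG, BAD_JPEG_LEN),
           naive_payload_len(BAD_JPEG, BAD_JPEG_LEN, 2),
           checked_copy_segment(BAD_JPEG, BAD_JPEG_LEN, 2, out, sizeof out));
    return 0;
}
```

The point of the two checks in `checked_copy_segment` is that they are separate: `len >= 2` stops the arithmetic from wrapping, and the comparison against the remaining file size stops a well-formed but oversized length from reading past the input. A decoder that does only the second check still fails on `len = 0`, because the wrapped value is compared after it has already gone wrong.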