MZL & Novatech TrafficStatistic Website
Home MZL
Webshop
Products
Webservice
Helpdesk
Feedback
About us
News
Submit News
MZL & Novatech Product and Service News
Traffic Statistics News Robot
Traffic Statistics Users Newsfeed
Important gdiplus.dll Jpe...
Search
MZL & Novatech TrafficStatistic Website
News - more news - submit news - XML
China, 09/05/08:  (details)
Wondershare Software released a powerful Streaming Audio Recorder
USA/Washington, 08/26/08:  (details)
TuneCab Online Video Catcher - software to download any streaming video
Leeds/England, 08/25/08:  (details)
Route2Love.com Gives Online Daters What They Want
shenzhen, 08/23/08:  (details)
Get DVD movies onto iPod nano, iPod video, iPod classic and iPod touch
United States, 08/22/08:  (details)
Aimersoft released the best Video Converter-fully supports importing HD Video formats

Channel: Traffic Statistics Users NewsfeedThis Traffic Statistic news channel is feeded by the Traffic Statistics Users, which can post news items or press releases in real time. If you want to provide a resource, just visit the trafficstatistic website at http://www.trafficstatistic.com/news/add_news_item.html. If you remark an abuse, please report it to abuse@trafficstatistic.com and our admin will delete the item.



Hannover/Germany, 09/24/04

Important gdiplus.dll Jpeg Vulnerability Update: Toolkit to Create Malicious Jpegs Around. Patch Your gdi+ Now.


Heise.de found a toolkit with graphical user interface to create malicious jpegs. The user of the toolkit can just enter any URI from the world wide web to a program and a vulnerable system or application will automatically download and execute this program when encountering a so prepared jpeg.

As creating such a jpeg and making it loading and executing any application from the internet does not require any programming knowledge anymore - indeed not even commands on command line are needed - it is very likely, that the internet and mailboxes will be flooded with such prepared jpeg images very soon, most probably already this weekend. So it is a very good idea to patch all vulnerable computers in companies still today.

Last Monday TrafficStatistic News has shown a demo pic exploiting the Microsoft gdiplus.dll vulnerability and urgently recommended to patch vulnerable systems.

Heise.de also reports, that the vulnerability is even worse then thought at the beginning:
- Most AV software does not recognize malicious jpegs as such
- the patches available at Microsoft seem not to cure the problem completely, Heise.de reported they encountered still buffer overflows with some of the specially prepared test pics

Notice of 20040924-21:54 CEST: Example http://sylvana.net/test/AP4.jpg
- do a bookmark here before you click the link, Internet Explorer will probably crash, even on Windows XP SP2 with all security patch updates!

- lot of 3rd party software is also affected, and even patching Microsoft's Windows system gdipluss.dll might not help against being vulnerable, some 3rd party Windows programs install a vulnerable copy of the infected gdiplus and use this copy unless this copy is patched

Link provided: http://www.heise.de/newsticker/meldung/51459



Added by: Traffic Statistic Admin

Previous news item - - - Next news item
Impressum
© 2004-2005 MZL Billing Services & Novatech Ltd. All rights reserved.
 Sponsoring Mein Parteibuch