[olug] Attack WinXP with a JPEG!
David Walker
olug at grax.com
Wed Sep 15 00:05:44 UTC 2004
I agree that not running as root does provide a lot of security benefits but I
believe a libpng based virus running as a normal user could still cause
immense havoc.
A normal user could:
Open an outgoing connection
Provide a listening shell
Use any locally available root exploits to obtain root
Become a spam drone
Become a denial of service drone
Serve as an anonymous relay
They would have difficulty hiding their efforts from the root user but simply
naming the process to something that seems innocuous would get them a good
distance.
I think we are just lucky that no one has created a libpng based virus.
On Tuesday 14 September 2004 04:18 pm, Phil Brutsche wrote:
> Mike Hostetler wrote:
> > Apparently there is no example exploit yet, but a carefully crafted
> > JPEG could compromise an XP machine!
> >
> > http://www.techweb.com/wire/security/showArticle.jhtml?articleID=47205207
> >
> > See, that's why you don't tie your applications so tightly to your OS . .
> > .
>
> The level of integration into the OS really doesn't matter.
>
> Technically, any system can be compromised by a carefully crafted JPEG.
> Imagine a buffer overflow in libpng or libjpeg under Linux,
> compromising Mozilla or Firefox run by root...
>
> Laugh (or declare the stupidity of the user) if you want, but that is
> *exactly* how most people in the Windows world use their computers,
> thanks to defaults from MS. Take admin rights away from the user, and
> most of these problems disappear, just like on a Linux machine...
More information about the OLUG
mailing list