JPEG Vulnerability: A day in the life of the JPEG Vulnerability

Contributed by Charles Hornat. An old paper I wrote over a decade ago.

This paper will provide a detailed analysis of the Buffer Overrun in JPEG Processing which started appearing on Microsoft software in September 2004.

Just a week prior to writing this paper, Microsoft announced a buffer overrun in JPEG processing in many of Microsoft’s software. This particular vulnerability increased the difficulty of patching for large organizations since it not only impacted operating systems, it also included many popular software packages such as Microsoft Office and development software such as Visual Studio .Net.

This paper will include an analysis of the timeline between the vendor announcement of this vulnerability, to actual exploit code or proof of concept, to an actual attack. An analysis of an attack as well as steps one could use to mitigate the risk of this vulnerability will also be completed. Finally, policies and processes that all organizations is included for reference.

I chose this particular vulnerability because of several reasons. The first was to understand the timeline users face when determining how long they have before they should patch. Often times, large organizations need to test patches against several different desktop builds, and that could take a couple days each. A second reason was to develop an understanding of this new type of attack. This particular attack focuses on user interaction, or even social engineering. Finally, there was little information available at the time this paper was being written. Therefore, it is my contribution to the community as an analysis of the new threat.

In the last section of the paper, a process on what organizations or users could do to protect themselves from such an infection will be outlined. Policies outlining Antivirus as well as patch deployment are also included. These policies have been implemented and have helped to mitigate the risk of this type of attack.

This document is in PDF format. To view it click here.

Rate this article: 
No votes yet