Microsoft JPEG Hoax!

"Guido Vollbeding" wrote in message
...
Bruce Murphy wrote:

That's not necessarily true. Not all buffer overruns are exploitable,
and not all bugs are buffer overruns. Do you have any specific
information about the bug you're triggering being a naive buffer
overflow about its vulnerability?

This is definitely a buffer overrun, a bad one! Therefore the crashes.
I know that this should better be fixed (as is done in IJG 6b).
I'm no expert in exploit writing, but I've seen opinions from people
that it is only a question of time until proof-of-concept-exploits
appear.

Regards
Guido

The problem in IE is a write to memory location 0. Any modern operating
system will terminate such a program.
Unless this can be triggered repeatedly from a remote source, in which case
you would have a DOS attack, this is not considered a security issue.

You have provided no proof that this is a buffer overrun problem that can be
exploited.
It seems like it is you using a hoax..

Carsten Hansen

"Guido Vollbeding" wrote in message
...
Bruce Murphy wrote:

That's not necessarily true. Not all buffer overruns are exploitable,
and not all bugs are buffer overruns. Do you have any specific
information about the bug you're triggering being a naive buffer
overflow about its vulnerability?

This is definitely a buffer overrun, a bad one! Therefore the crashes.
I know that this should better be fixed (as is done in IJG 6b).
I'm no expert in exploit writing, but I've seen opinions from people
that it is only a question of time until proof-of-concept-exploits
appear.

Regards
Guido

The problem in IE is a write to memory location 0. Any modern operating
system will terminate such a program.
Unless this can be triggered repeatedly from a remote source, in which case
you would have a DOS attack, this is not considered a security issue.

You have provided no proof that this is a buffer overrun problem that can be
exploited.
It seems like it is you using a hoax..

Carsten Hansen

On Wed, 22 Sep 2004 11:50:49 +0200, "Bart van der Wolf" wrote:


"Bob" wrote in message
.. .
SNIP
BTW do you know why windows can't show some jpegs in
the 'thumbnail view' in windows explorer??

Can you find some common denominator for those files?
Maybe they all originate from the same application, or were saved with
special settings?

Bart

I was thinking along those lines so I re-saved a bunch of pics and much to my
surprise - some of them changed but some remained invisible... so I don't know
what's going on... I bet Microsoft don't know either!

On Wed, 22 Sep 2004 11:50:49 +0200, "Bart van der Wolf" wrote:


"Bob" wrote in message
.. .
SNIP
BTW do you know why windows can't show some jpegs in
the 'thumbnail view' in windows explorer??

Can you find some common denominator for those files?
Maybe they all originate from the same application, or were saved with
special settings?

Bart

I was thinking along those lines so I re-saved a bunch of pics and much to my
surprise - some of them changed but some remained invisible... so I don't know
what's going on... I bet Microsoft don't know either!

"Frank ess" writes:

Bruce Murphy wrote:
"Frank ess" writes:

Randal L. Schwartz wrote:
*** post for FREE via your newsreader at post.newsfeed.com ***

"Guido" == Guido Vollbeding writes:

Guido No, both problems are "Buffer Overrum" problems,

Too much light or dark rum, there? It's a few days late to be
perking up to Captain Morgan's... "Talk like a pirate day" was the
19th.

What does this comment add to the discussion?

What does /that/ comment add to the discussion?

I asked first.

I asked a different question. I'm not sure that asking a pointless
question first makes it any less pointless, no?

B

In article ,
says...
That's not necessarily true. Not all buffer overruns are exploitable,
and not all bugs are buffer overruns. Do you have any specific
information about the bug you're triggering being a naive buffer
overflow about its vulnerability?

This is Guido we're talking about. He cares less about reality than you
do.
--
http://www.pbase.com/bcbaird/

*** post for FREE via your newsreader at post.newsfeed.com ***

"Frank" == Frank ess writes:

Frank What does this comment add to the discussion?

I don't know. What did you intend that your comment add to the
discussion? It's not clear to me.

If you mean what did *my* comment add to the discussion,
the answer is "levity". Look it up if you're not familiar with it.
It's a portion of something I talk about in my .sig, aka "Comedy".

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
URL:http://www.stonehenge.com/merlyn/
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!


-----= Posted via Newsfeed.Com, Uncensored Usenet News =-----
http://www.newsfeed.com - The #1 Newsgroup Service in the World!
-----== 100,000 Groups! - 19 Servers! - Unlimited Download! =-----

*** post for FREE via your newsreader at post.newsfeed.com ***

"Frank" == Frank ess writes:

Frank What does this comment add to the discussion?

I don't know. What did you intend that your comment add to the
discussion? It's not clear to me.

If you mean what did *my* comment add to the discussion,
the answer is "levity". Look it up if you're not familiar with it.
It's a portion of something I talk about in my .sig, aka "Comedy".

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
URL:http://www.stonehenge.com/merlyn/
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!


-----= Posted via Newsfeed.Com, Uncensored Usenet News =-----
http://www.newsfeed.com - The #1 Newsgroup Service in the World!
-----== 100,000 Groups! - 19 Servers! - Unlimited Download! =-----

Carsten Hansen wrote:

The problem in IE is a write to memory location 0. Any modern operating
system will terminate such a program.
Unless this can be triggered repeatedly from a remote source, in which case
you would have a DOS attack, this is not considered a security issue.

You have provided no proof that this is a buffer overrun problem that can be
exploited.
It seems like it is you using a hoax..

It seems that you are equally ignorant with Microsoft.
I *know* the source of the problem, I have fixed it in 1998 in the IJG
source! And I can assure you that this is definitely a *massive* buffer
overrun problem! The crashes speak for themselves. But you and Microsoft
need not take care and can further ignore such problems, I don't expect
solutions from you...

Regards
Guido

Carsten Hansen wrote:

The problem in IE is a write to memory location 0. Any modern operating
system will terminate such a program.
Unless this can be triggered repeatedly from a remote source, in which case
you would have a DOS attack, this is not considered a security issue.

You have provided no proof that this is a buffer overrun problem that can be
exploited.
It seems like it is you using a hoax..

It seems that you are equally ignorant with Microsoft.
I *know* the source of the problem, I have fixed it in 1998 in the IJG
source! And I can assure you that this is definitely a *massive* buffer
overrun problem! The crashes speak for themselves. But you and Microsoft
need not take care and can further ignore such problems, I don't expect
solutions from you...

Regards
Guido