Re: [SLUG] another MS security flaw ("image" that)

From: Bryan J. Smith (b.j.smith@ieee.org)
Date: Tue Sep 14 2004 - 23:04:18 EDT


On Tue, 2004-09-14 at 21:41, Pete S. wrote:
> For those that get a kick out of MS flaws. This allows a remote
> attacker to take over a system... when the user views a jpg.

Is it related to the Freedomware libpng library exploits?
Or the previous Freedomware zlib (possibly used by libjpeg?) one?

The reason I bring this up is because the IT media regularly likes to
poke fun at Linux whenever they find an exploit, but _rarely_ follow
that with the _real_ issue that Windows often uses the _exact_same_
code. Most of these libraries are typically BSD licensed.

So any BSD library that has an exploit means Windows is also exposed.
To make matters worse, Microsoft typically doesn't patch it out of
political considerations. They always fall back to "our version doesn't
have the hole," even though quick, independent binary analysis says they
do.

-- 
Bryan J. Smith                                  b.j.smith@ieee.org 
------------------------------------------------------------------ 
"Communities don't have rights. Only individuals in the community
 have rights. ... That idea of community rights is firmly rooted
 in the 'Communist Manifesto.'" -- Michael Badnarik

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:39:38 EDT