[ BytEfLUSh @ 16.09.2004. 00:04 ] @
Uspeli su uraditi ono što je do sada smatrano nemogućim - možete se zaraziti virusom/trojancem samim otvaranjem JPEG fajla (slike)!

http://www.microsoft.com/security/bulletins/200409_jpeg.mspx
[ byTer @ 16.09.2004. 11:27 ] @
Evo ja se već pechem... :))
[ Reljam @ 16.09.2004. 17:06 ] @
Zaraza preko otvaranja ne-executable fajlova je jedan od elementarnih 'attack vectora'. Bilo sta sto cita podatke sa mreze ili diska moze da ima rupu preko koje ce neko da ubaci kod koji moze da se izvrsi. Ako pogledas crve koji se sire preko mreze, oni koriste istu vrstu napada kao i ovo sa JPGom - negde neki bafer biva prepisan.

A cisto da ne mislis da je ovo specijalnost vezana za MS: potpuno ista stvar sa PNGom samo na Linuxu: http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=6184 . Ovaj link je od pre dve godine, a http://secunia.com/advisories/12219/ ovaj je od pre mesec dana.
[ filo @ 16.09.2004. 20:02 ] @
na linuxu! aaaa
to nije tacno
ma ti hoces nas da prevaris
ti si ustvari postavio te stranice! :P
[ reiser @ 22.09.2004. 20:31 ] @
http://www.computerworld.com/s...es/story/0,10801,96088,00.html

Citat:
SEPTEMBER 22, 2004 (IDG NEWS SERVICE) - Computer code that takes advantage of a flaw in the way many Microsoft Corp. applications process JPEG images has been published on the Internet and could be a precursor to actual attacks on vulnerable PCs, experts said.

The code was published late last week, only days after Microsoft revealed the "critical" vulnerability and made patches available to fix the problem (see story). A wide range of Microsoft software that processes JPEG images, including versions of its Windows and Office products, is vulnerable.

So far, only "proof-of-concept" code that can cause a vulnerable Web browser to crash or a PC to freeze has been published. A fully developed exploit would allow an attacker to take control of a victim's computer by remotely opening a command prompt or downloading and running malicious software, one expert said yesterday.