SMTP: Malformed JPEG Attachment

This signature detects malformed JPEG attachments with a comment size of 0 or 1. Microsoft Outlook and Outlook Express are vulnerable. Attackers can craft a malicious JPEG attachment that, when viewed in Outlook or Outlook Express, enables attackers to remotely execute arbitrary code on the user's computer.

Extended Description

Microsoft (Graphics Device Interface) GDI+ JPEG handler is reported prone to an integer underflow vulnerability when handling JPEG format images. This issue presents itself due to a lack of sufficient sanity checks performed on certain JPEG data before this data employed as a bounds value for a memory copy operation. A specially crafted JPEG image may trigger this vulnerability and result in the execution of arbitrary attacker-supplied code. Code execution would occur in the context of the user who is running the vulnerable software. **Update: This issue is similar in nature to BID 1503, discovered by Solar Designer. ** An exploit that opens a command shell on the local vulnerable system as soon as the image is viewed has been released. Symantec has confirmed that this exploit code is functional. It is important to note that this exploit could potentially be modified to execute other code on the system. Administrators should remain vigilant and patch all vulnerable systems.

Affected Products

Avaya s3400_message_application_server,Microsoft outlook_2002

References

BugTraq: 11173

CVE: CVE-2004-0200

URL: http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx http://www.kb.cert.org/vuls/id/297462

Short Name

SMTP:MAL:JPEG-ATTACH-COMMENT-OF

Severity

Major

Recommended

False

Recommended Action

None

SMTP: Malformed JPEG Attachment

Extended Description

Affected Products

References

Found a potential security threat?