Security Firm Finds Program to Create JPEGs Exploiting Microsoft Flaw -- Redmond Channel Partner

Security Firm Finds Program to Create JPEGs Exploiting Microsoft Flaw

By Scott Bekker
October 06, 2004

Panda Software reported finding a tool on black hat hacker sites that can be used to create files in the JPEG image format that exploit the vulnerability in Microsoft's JPEG processing component.

Microsoft patched the flaw on Sept. 14 in security bulletin MS04-028, but because the flaw affects so many products and the patch must be applied to each of the applications on every system, it is a difficult patch to apply.

Officials with Panda Software said the attacker tool, called JPGTrojan.C, allows a user to create several payloads that can be included in the malicious image file. They include payloads to add a new user to the infected computer and grant that user administrative rights, specify a port to be opened to allow remote access to the computer, specify a remote IP address and a port and establish a connection or download an executable file and run it.

The Microsoft bulletin is available here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Printable Format

Partner Resources

Hot Topics

More Resources

Security Firm Finds Program to Create JPEGs Exploiting Microsoft Flaw

The 2018 Microsoft Product Roadmap

Microsoft's Open Source Shift a 'Profound Cultural Challenge'

2018 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Next-Gen Release of Windows Admin Center Now Production-Ready

Microsoft Offers To Manage Windows 10 Desktops for Orgs

The 2018 Microsoft Product Roadmap

Microsoft's Open Source Shift a 'Profound Cultural Challenge'

2018 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Next-Gen Release of Windows Admin Center Now Production-Ready

Microsoft Offers To Manage Windows 10 Desktops for Orgs

Free Partner Guide PDFs from RCP's editors

FREE WHITE PAPERS FROM OUR SPONSORS

Sponsored Links