[Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1955 - 19 msgs

From: RandallM (randallm_at_fidmail.com)
Date: 10/07/04

    To: <full-disclosure@lists.netsys.com>
    Date: Wed, 6 Oct 2004 20:59:28 -0500
    
    

    <|>--__--__--
    <|>
    <|>Message: 14
    <|>Date: Wed, 6 Oct 2004 15:53:32 -0700
    <|>From: GuidoZ <uberguidoz@gmail.com>
    <|>Reply-To: GuidoZ <uberguidoz@gmail.com>
    <|>To: full-disclosure@lists.netsys.com
    <|>Subject: [Full-Disclosure] Quick JPEG/GDI test & fix (timesaver)
    <|>
    <|>Hello list,
    <|>
    <|>I wrote a very simple program/batch file that tests for the JPEG
    <|>exploit, then if affected, provides instructions on how to patch the
    <|>exploit. It has been tested on my own lil happy lab network, as well
    <|>as on one network where I'm a sysadmin. (Tested on Windows XP Home
    <|>and Pro, SP1a and SP2.)
    <|>
    <|>It DOES test for the exploit by attempting to use an "infected" JPG
    <|>which downloads the instructions for fixing it, if exploited. By
    <|>viewing the strings in the JPG, you can see the file it downloads and
    <|>check it out for yourself. It's clean. =) Just contains a batch file
    <|>and a program to launch the batch file. (The file that gets downloaded
    <|>is a simple SFX.) Links are below. It contains a warning saying it's
    <|>about to try to exploit the system and to save data in open programs.
    <|>(It also warns that Explorer may crash.)
    <|>
    <|>I wrote this merely to save myself time and allow friends/family to
    <|>test their own systems, then patch them without having to call me for
    <|>help. It's not been tested in every environment and in every scenario.
    <|>If you find a problem, feel free to email me (exploit _AT_ guidoz
    <|>_DOT_ com) Obviously I'm not responsible if it's abused somehow, or if
    <|>it breaks something, etc. Feel free to modify it to suit your own
    <|>needs, but use it at your own risk.
    <|>
    <|>Test can be downloaded from here:
    <|>http://www.guidoz.com/exploit-test.exe
    <|>
    <|>Again, it's just an SFX archive with a batch file. Hopefully it will
    <|>save someone else some time. I've used it to have friends/family (and
    <|>a few clients) patch a total of around 30 machines without problems.
    <|>
    <|>--
    <|>Peace. ~G
    <|>
    <|>
    <|>--__--__--
    <|>
    <|>End of Full-Disclosure Digest
    <|>

    Well, guess I'm safe. McAfee saw it as "Exploit-MntRedir.gen" and said...NO!
    I googled it and it found nothing though. Thought it would at least lead me
    to McAfee. McAfee search said:

    "We found no records matching the following criteria:
    Virus name containing "MntRedir.gen".
    Please try narrowing your search by using fewer characters".

    What gives?

    thank you
    Randall M

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

