[PLUG] First JPEG virus is out there
Daggett, Steve
Steve.Daggett at fiserv.com
Tue Sep 28 11:01:02 PDT 2004
Bill Thoen asks:
>
> On Tue, 28 Sep 2004, Paul Heinlein wrote:
> > Image files are parsed and "executed" by various rendering libraries.
> > If those libraries don't do proper bounds checking, regardless of
> > whether the host OS is Windows or Linux, a buffer overflow could occur.
>
> So what do the bad guys actually do with a "buffer overflow"?
> How does that run a virus installer instead of just crashing?
Basically, any program that accepts an input can be buffer overflowed.
The overflow may contain an executable program, including an FTP client.
I believe the definitive article is still the original from Phrack.
`smash the stack` [C programming] n. On many C implementations
it is possible to corrupt the execution stack by writing past
the end of an array declared auto in a routine. Code that does
this is said to smash the stack, and can cause return from the
routine to jump to a random address. This can produce some of
the most insidious data-dependent bugs known to mankind.
Variants include trash the stack, scribble the stack, mangle
the stack; the term mung the stack is not used, as this is
never done intentionally. See spam; see also alias bug,
fandango on core, memory leak, precedence lossage, overrun screw.
Phrack 49
Smashing The Stack For Fun And Profit
http://www.phrack.org/show.php?p=49&a=14
Steve D...
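
Added example, not part of the original message: the kind of bounds checking Paul Heinlein refers to, applied to a length-prefixed JPEG marker segment copied into a fixed-size stack buffer. The names copy_segment, check and OUT_MAX, the buffer size, and the sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OUT_MAX 16 /* destination buffer size, chosen for this example */

enum { SEG_BAD_HEADER = -1, SEG_BAD_LENGTH = -2, SEG_TRUNCATED = -3, SEG_TOO_LARGE = -4 };

/* Copy one JPEG marker segment's payload into out[OUT_MAX].
 * Layout at in[]: FF <marker> <len_hi> <len_lo> <payload...>. The 16-bit
 * big-endian length counts its own two bytes, so payload = length - 2.
 * Returns the number of bytes copied, or a negative SEG_* code. */
long copy_segment(const uint8_t *in, size_t in_len, uint8_t *out)
{
    if (in_len < 4 || in[0] != 0xFF)
        return SEG_BAD_HEADER;  /* too short for a header, or not a marker */
    size_t seg_len = ((size_t)in[2] << 8) | in[3];
    if (seg_len < 2)
        return SEG_BAD_LENGTH;  /* seg_len - 2 would wrap to a huge size_t */
    size_t payload = seg_len - 2;
    if (payload > in_len - 4)
        return SEG_TRUNCATED;   /* header claims more bytes than were read */
    if (payload > OUT_MAX)
        return SEG_TOO_LARGE;   /* memcpy would run past the end of out[] */
    memcpy(out, in + 4, payload);
    return (long)payload;
}

/* Constructed sample segments (comment marker FF FE), not from a real file. */
static const uint8_t ok_seg[]    = {0xFF, 0xFE, 0x00, 0x04, 'h', 'i'};
static const uint8_t wrap_seg[]  = {0xFF, 0xFE, 0x00, 0x01, 'A', 'A'}; /* length < 2 */
static const uint8_t short_seg[] = {0xFF, 0xFE, 0x00, 0x20, 'A', 'A'}; /* claims 30, has 2 */
static const uint8_t big_seg[36] = {0xFF, 0xFE, 0x00, 0x22};           /* 32 > OUT_MAX */

long check(const uint8_t *seg, size_t n)
{
    uint8_t out[OUT_MAX]; /* the fixed-size stack buffer being protected */
    return copy_segment(seg, n, out);
}

int main(void)
{
    printf("ok=%ld wrap=%ld short=%ld big=%ld\n",
           check(ok_seg, sizeof ok_seg), check(wrap_seg, sizeof wrap_seg),
           check(short_seg, sizeof short_seg), check(big_seg, sizeof big_seg));
    return 0;
}
```

Each rejected case is a length field that disagrees with either the input actually read or the destination buffer; a parser that skips any one of the three checks hands memcpy a size the file author controls.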