[NF] Strange File Behavior
Someone brought in a machine that hangs every time a particular file is referenced. I am not sure exactly what referenced means. It definitely includes reading the file and it appears to include even listing it in Windows Explorer Details view and also deleting it. It is an 8K file that wound up in Temporary Internet Files (yes, IE 6) and has a .jpg extension.

Does anyone know of this kind of exploit and/or have additional information? It's really a sticky wicket, eh?

TIA
B+
HALinNY

___
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/[EMAIL PROTECTED]
** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
Re: [NF] Strange File Behavior
Hal,

Sounds like a corrupt JPG file that Windows is trying to render. Corruption could be unintentional or an intentional way to exploit known security flaws in GDIPLUS.DLL. You can google GDIPLUS.DLL exploits for more info.

Malcolm
Re: [NF] Strange File Behavior
On 4/4/07, Hal Kaplan [EMAIL PROTECTED] wrote:
> It is an 8K file that wound up in Temporary Internet Files (yes, IE 6) and has a .jpg extension.

There's a number of well-documented jpg exploits out in the wild. Best thing to do would be to boot with another OS off disk (Knoppix is good for this) and remove the file, making a copy if you want to study it further. Then, virus scan, patch and restore the system: a full reformat and reinstall from trusted media is often best.

--
Ted Roche
Ted Roche Associates, LLC
http://www.tedroche.com
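For studying a copy of the file taken from another OS, as suggested above, here is an added example (not part of any post in this thread) that walks the JPEG marker segments by hand and flags structural corruption without ever handing the file to an image renderer. The function name, the checks chosen and the sample bytes are assumptions made for illustration.

```python
import hashlib

STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))  # TEM, SOI, EOI, RST0-7: no length

def triage_jpeg(data: bytes) -> dict:
    """Walk JPEG marker segments by hand; no image decoder is ever invoked."""
    rep = {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data),
           "segments": [], "findings": []}
    flag = rep["findings"].append
    if data[:2] != b"\xff\xd8":
        flag("no SOI marker: content is not JPEG despite the extension")
        return rep
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            flag(f"offset {pos}: expected 0xFF marker prefix")
            return rep
        pos = len(data) - len(data[pos:].lstrip(b"\xff"))  # skip prefix and fill bytes
        if pos >= len(data):
            break
        marker, pos = data[pos], pos + 1
        if marker == 0xD9:  # EOI: anything after it is not image data
            if pos < len(data):
                flag(f"{len(data) - pos} bytes appended after EOI")
            return rep
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            break
        length = int.from_bytes(data[pos:pos + 2], "big")
        rep["segments"].append((f"FF{marker:02X}", pos - 2, length))
        if length < 2:  # the length field counts its own two bytes
            flag(f"offset {pos - 2}: FF{marker:02X} declares length {length} (< 2)")
            return rep
        if pos + length > len(data):
            flag(f"offset {pos - 2}: FF{marker:02X} length {length} runs past end of file")
            return rep
        pos += length
        if marker == 0xDA:  # SOS: compressed scan data follows, not walked here
            if not data.endswith(b"\xff\xd9"):
                flag("scan data is not terminated by EOI")
            return rep
    flag("file ends before an EOI marker")
    return rep

# Constructed samples (not taken from the thread).
GOOD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00\xff\xd9"
SHORT_LEN = b"\xff\xd8\xff\xfe\x00\x01\xff\xd9"
PAST_EOF = b"\xff\xd8\xff\xe1\x20\x00Exif\xff\xd9"
```

An empty findings list only means the segment framing is consistent; it says nothing about what each segment contains.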