Last Tuesday, Microsoft warned us about a potential hole in Windows XP related to JPEG images. Two days later, BugTraq posted a proof of concept exploit related to the hole. The Internet Storm Center warns a more serious attack could be imminent:
... We have seen this same pattern in the past - a significant vulnerability is announced, followed in a few days by POC code that usually causes a system crash or denial of service condition, followed by a hunt to get a reliable and simple buffer overflow to work using universal stack pointer offsets. Once an attack mechanism is perfected, then it's just a matter of hours or days before worm code is launched. With the growth in popularity of the Metasploit Framework project, simple point-n-click access to vulnerable systems follows quickly, allowing anybody from script kiddies to nation states to gain unauthorized access to insecure systems.Back to Compendium
Post a comment
