[FW-1] JPEG/GDI+ DLL Exploit

Subject:	[FW-1] JPEG/GDI+ DLL Exploit
From:	"O'Flynn, Derek" <DOFlyn AT LSUHSC DOT EDU>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Tue, 21 Sep 2004 17:51:22 -0500

Anyone know if you can utilize SmartDefense to catch an HTTP session with a
vulnerable JPEG.



I found some snort rules that allows Snort to detect for the Proof of
Concept Code.  However it is prone to false positives, but given the
possible outbreak, I'd be willing to deal with that.



Content-Type:image/jpeg; content:"|FF FE 00 01|" or "|FF FE 00 00|"



Thanks,



Derek O'Flynn


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] JPEG/GDI+ DLL Exploit, O'Flynn, Derek <= Re: [FW-1] JPEG/GDI+ DLL Exploit, Andras Kis-Szabo Re: [FW-1] JPEG/GDI+ DLL Exploit, Philipp Müller Re: [FW-1] JPEG/GDI+ DLL Exploit, Ray Re: [FW-1] JPEG/GDI+ DLL Exploit, Bill Mathews Re: [FW-1] JPEG/GDI+ DLL Exploit, Philipp Müller Re: [FW-1] JPEG/GDI+ DLL Exploit, Philipp Müller

Previous by Date:	[FW-1] IP440 talk, Brad Pinkston
Next by Date:	[FW-1] R55 : Anti-spoofing Problems with Private Network in DMZ, Gildas Coutansais
Previous by Thread:	[FW-1] IP440 talk, Brad Pinkston
Next by Thread:	Re: [FW-1] JPEG/GDI+ DLL Exploit, Andras Kis-Szabo
Indexes:	[Date] [Thread] [Top] [All Lists]