Full Disclosure mailing list archives

[Full-Disclosure] RE: Full-disclosure digest, Vol 1 #1955 - 19 msgs
From: "RandallM" <randallm () fidmail com>
Date: Wed, 6 Oct 2004 20:59:28 -0500


<|>--__--__--
<|>
<|>Message: 14
<|>Date: Wed, 6 Oct 2004 15:53:32 -0700
<|>From: GuidoZ <uberguidoz () gmail com>
<|>Reply-To: GuidoZ <uberguidoz () gmail com>
<|>To: full-disclosure () lists netsys com
<|>Subject: [Full-disclosure] Quick JPEG/GDI test & fix (timesaver)
<|>
<|>Hello list,
<|>
<|>I wrote a very simple program/batch file that tests for the JPEG
<|>exploit, then if affected, provides instructions on how to patch the
<|>exploit. It has been tested on my own lil happy lab network, as well
<|>as on one network where I'm a sysadmin. (Tested on Windows XP Home
<|>and Pro, SP1a and SP2.)
<|>
<|>It DOES test for the exploit by attempting to use an "infected" JPG
<|>which downloads the instructions for fixing it, if exploited. By
<|>viewing the strings in the JPG, you can see the file it downloads and
<|>check it out for yourself. It's clean. =) Just contains a batch file
<|>and a program to launch the batch file. (The file that gets downloaded
<|>is a simple SFX.) Links are below. It contains a warning saying it's
<|>about to try to exploit the system and to save data in open programs.
<|>(It also warns that Explorer may crash.)
<|>
<|>I wrote this merely to save myself time and allow friends/family to
<|>test their own systems, then patch them without having to call me for
<|>help. It's not been tested in every environment and in every scenario.
<|>If you find a problem, feel free to email me (exploit _AT_ guidoz
<|>_DOT_ com) Obviously I'm not responsible if it's abused somehow, or if
<|>it breaks something, etc. Feel free to modify it to suit your own
<|>needs, but use it at your own risk.
<|>
<|>Test can be downloaded from here: http://www.guidoz.com/exploit-test.exe
<|>
<|>Again, it's just an SFX archive with a batch file. Hopefully it will
<|>save someone else some time. I've used it to have friends/family (and
<|>a few clients) patch a total of around 30 machines without problems.
<|>
<|>--
<|>Peace. ~G
<|>
<|>
<|>--__--__--
<|>
<|>End of Full-Disclosure Digest
<|>

Well, guess I'm safe. McAfee saw it as "Exploit-MntRedir.gen" and said...NO!
I googled it and it found nothing though. Thought it would at least lead me
to McAfee. McAfee search said: 

"We found no records matching the following criteria:
Virus name containing "MntRedir.gen".
Please try narrowing your search by using fewer characters".

What gives?

thank you
Randall M

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

