Vulnerability Development: Re: Infected jpeg files?

["Chris D. Sloan" <cds () cs hmc edu>]

As with most things where the question is, "Is it possible...?" the
answere is that, yes it is *possible*.  Someone could have written the
viewer to specifically interpret the JPEG contents as an executable.
The particular viewer you are using might overflow its stack and maybe
a carefully constructed JPEG could take advantage of that to run
malicious code.

Unless the person who wrote your viewer was malicious, though, I would
suspect the threat of anything like this actually happening in the
real world is about as high as the threat that there exist malicious
text files which would cause Notepad to infect other text files.

        Chris

On Wed, Nov 07, 2001 at 01:22:40AM -0000, rginski () co pinellas fl us wrote:
> Mailer: SecurityFocus
>
> Is it possible for a virus to infect a jpeg (*.jpg) file, 
> then the jpg file to infect other files?...without 
> changing the files characteristics? In other words, a 
> jpeg file (file.jpg) is infected and it 
> remains "infected_file.jpg". It is possible for a file type 
> as jpeg to have a payload or cause damage although 
> it's just being viewed? Perhaps something like 
> steganagraphy...except embedding vbs (or 
> something) causing infection by way of the viewer? I 
> guess another way of asking the question is:
>
> Is it possible to get infected by just viewing jpeg files?
>
> I realize that's a "wide open question" I just don't 
> know how else to explain myself. Thanks in advance 
> for your patience and help.

-- 
Chris Sloan
cds () cs hmc edu