TRTA04-260A
Microsoft Windows JPEG �R���|�[�l���g�Ƀo�b�t�@�I�[�o�[�t���[
�}�C�N���\�t�g�� Graphic Device Interface Plus (GDI+) �ɐƎ㐫���m�F����܂����B
�e������V�X�e��
- Microsoft Windows XP ����� Microsoft Windows XP Service Pack 1
- Microsoft Windows XP 64-Bit Edition Service Pack 1
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 64-Bit Edition
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003
- Microsoft Office InterConnect Lite
- Microsoft Office Home Style+
- Microsoft Project 2002 Service Pack 1 (���ׂẴo�[�W����)
- Microsoft Project 2003 (���ׂẴo�[�W����)
- Microsoft Visio 2002 Service Pack 2 (���ׂẴo�[�W����)
- Microsoft Visio 2003 (���ׂẴo�[�W����)
- Microsoft Visual Studio .NET 2002
- Microsoft Visual Studio .NET 2003
- Microsoft .NET Framework version 1.0 SDK Service Pack 2
- Microsoft Picture It!R 2002 (���ׂẴo�[�W����) (�p�ꐻ�i)
- Picture It! �f�W�J���X�^�W�I Version 2002
- Picture It! Express 2002
- Microsoft Greetings 2002 (�p�ꐻ�i)
- Microsoft Picture It! version 7 (���ׂẴo�[�W����) (�p�ꐻ�i)
- Picture It! �f�W�J���X�^�W�I Version 2003
- Picture It! Express version 2003
- Digital Image Pro version 2003
- Microsoft Digital Image Pro version 7.0 (�p�ꐻ�i)
- Microsoft Picture It! version 9 (Picture It! Library ���܂ނ��ׂẴo�[�W����) (�p�ꐻ�i)
- �f�W�J���X�^�W�I version 9
- Picture It! Express version 9
- Microsoft Digital Image Pro version 9
- Microsoft Digital Image Suite version 9 (�p�ꐻ�i)
- Microsoft Producer for Microsoft Office PowerPoint (���ׂẴo�[�W����)
- Microsoft Platform SDK Redistributable: GDI+
| ���� (JST) | ���e |
| 2003-10-07 (�č����t) | VU#297462 �̐Ǝ㐫���m�F����� (by Nick DeBaggis) |
| 2004-09-15 05:22 |
MS ���[�����O���X�g�o�R�� �}�C�N���\�t�g �Z�L�����e�B��� 2004 �N 9 ���̃Z�L�����e�B��� ���͂�
#Post-Date: Tue, 14 Sep 2004 13:22:15 -0700 |
| 2004-09-15 06:59 |
@police JPEG ���� (GDI+) �̃o�b�t�@ �I�[�o�[�����ɂ��A�R�[�h�����s�����(MS04-028)(9/15) �� Web ���J
#Last-Modified: Tue, 14 Sep 2004 21:59:29 GMT |
| 2004-09-15 10:05 |
Full-Disclosure Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow �������
#Post-Date: Tue, 14 Sep 2004 21:05:44 -0400 |
| 2004-09-15 22:14 |
Full-Disclosure �� "GDIPLUS VULN - MS04-028 - CRASH TEST JPEG" �����e�����
#Cid: CRASH-TEST.zip #Post-Date: Wed, 15 Sep 2004 15:14:51 +0200 |
| 2004-09-16 (����t) | �V�}���e�b�N MS04-028 �p�p�^�[�� Bloodhound.Exploit.13 �� |
| 2004-09-17 02:53 |
Bugtraq �� "JPEG Processing BOF Proof Of Concept" �����e�����
#Cid: jpegcompoc.zip #Post-Date: Thu, 16 Sep 2004 12:53:15 -0500 |
| 2004-09-17 04:58 |
US-CERT ���[�����O���X�g�o�R�� TA04-260A ���͂�
#Post-Date: Thu, 16 Sep 2004 15:58:16 -0400 |
| 2004-09-17 |
�}�J�t�B�[ MS04-028 �p�p�^�[�� Exploit-MS04-028 ��
�g�����h�}�N�� MS04-028 �p�p�^�[�� EXPLOIT-MS04-028 �� |
| 2004-09-21 (����t) | �V�}���e�b�N W32.Snone.A |
| 2004-09-22 13:39 |
Full-Disclosure �� "Control EDX/EAX in JPG Heap Overflow (MS04-028)" �����e�����
#Cid: ms04-028.sh #Cid: 09222004.ms04-28.sh #Post-Date: Wed, 22 Sep 2004 04:39:11 GMT |
| 2004-09-23 03:38 |
Full-Disclosure �� "Microsoft Windows MS04-028 JPEG Overflow Shellcoded Exploit" �����e�����
#Cid: 09222004.ms04-28-cmd.c #Tested: Windows XP + SP1 #Post-Date: Wed, 22 Sep 2004 11:38:18 -0700 (PDT) |
| 2004-09-23 07:12 |
Bugtraq �� "Example of JPG Exploit & Shellcode" �����e�����
#Cid: FoToZ.jpg #Tested: Windows XP + SP1 #Post-Date: Sep 22 2004 10:12PM |
| 2004-09-23 08:21 |
Full-Disclosure �� "MS04-028 Exploit PoC II - Shellcode=CreateUser X in Administrators Group" �����e�����
#Cid: ms04-028.sh #Cid: 09232004.ms04-28-admin.sh #Tested: Windows XP Professional [EN] + SP1 #Tested: Windows XP Professional [IT] + SP1 #Post-Date: Thu, 23 Sep 2004 01:21:47 +0200 |
| 2004-09-23 15:22 |
Bugtraq �� "NEW GDI+ JPEG Remote Exploit" �����e�����
#Cid: JpegOfDeath.c #Cid: 09252004.JpegOfDeath.c #Binding-Port: 1337 #Tested: Windows XP + SP1 #Post-Date: 23 Sep 2004 06:22:54 -0000 |
| 2004-09-23 23:55 | ISS AlertCon ? => ? |
| 2004-09-24 09:00 | �}�J�t�B�[ MS04-028 �p�p�^�[�� HTool/Exp-MS04-028 �� |
| 2004-09-24 13:49 |
ISSKK Microsoft �� JPEG ���� (GDI+) �ɂ����鈫�p �� Web ���J
#ISSXPU: Network Sensor 22.31 #Last-Modified: Fri, 24 Sep 2004 04:49:46 GMT |
| 2004-09-24 (����t) |
�V�}���e�b�N MS04-028 �p�p�^�[�� Hacktool.JPEGDownload ��
�g�����h�}�N�� MS04-028 �p�p�^�[�� EXPL_JPGDOWN.A, HKTL_JPGDOWN.A �� |
| 2004-09-25 (�č����t) | SANS Institute JPEG exploit toolkit , JPEG Hacktool, GDIScan Tool, In search of the Botnet - Lessons learned �ɂ����ĐƎ㐫���U������c�[���̃����[�X��� |
| 2004-09-25 (����t) | SANS Institute �����p�c�[�� GDI Scan �������[�X |
| 2004-09-25 (����t) | �V�}���e�b�N MS04-028 �p�p�^�[�� Hacktool.JPEGShell �� |
| 2004-09-26 |
ISS MS04-028 �֘A�̃V�O�j�`�����C��
#ISSXPU: Network Sensor 22.33 |
| 2004-09-27 10:25 |
MS04-028 �̐Ǝ㐫���U������L���� alt.binaries �z���̂������̃j���[�X�O���[�v�ɓ��e�����
#Reference: Bugtraq "GDI Virus in the wild." #Reference: SANS Institute MS04-028 Public Exploit Attempts |
| 2004-09-27 (����t) | "Windows JPEG Downloader Toolkit Source Code (MS04-028)" �� Web ���J�����
#Cid: JpgDownloader.c #Cid: 09272004.JpgDownloader.c |
| 2004-09-27 (����t) | "Windows JPEG GDI+ All in One Remote Exploit (MS04-028)" �� Web ���J�����
#Cid: JpegOfDeath.M.c #Cid: 09272004.JpegOfDeathM.c |
| 2004-09-28 00:00 | �g�����h�}�N�� TROJ_YATAK.A |
| 2004-09-29 23:05 | ISS AlertCon ? => ? |
| 2004-10-05 (�č����t) | SANS Institute Speaking of botnets ... �ɂ����ĐƎ㐫���U�����銈����� |
| 2004-10-09 10:10 |
Full-Disclosure �ɐƎ㐫���U�����銈�� "JPEG GDI+ (MS04-028) Exploit http://home.zccn.net/mm2004" �����e�����
#Post-Date: Sat, 09 Oct 2004 09:10:22 +0800 |
| 2004-10-11 18:02 |
Full-Disclosure �ɐƎ㐫���U�����銈�� "JPEG GDI+ (MS04-028) Exploit at http://www.splitinfinity.info" �����e�����
#Post-Date: Mon, 11 Oct 2004 17:02:15 +0800 |
- Technical Cyber Security Alert TA04-260A
Microsoft Windows JPEG component buffer overflow - Vendor Status Note JVNTA04-260A
Microsoft Windows JPEG �R���|�[�l���g�Ƀo�b�t�@�I�[�o�[�t���[
