Forum Moderators: wheatpenny Forum Coordinators: Anim8dtoon
Community Center F.A.Q (Last Updated: 2024 Dec 20 3:22 am)
Thanks bonni! I was doing a quick read tonight in one of the CG magazines at Borders just as they were closing...(not sure which mag..Computer Arts, 3D World,.. but one of the more popular ones). It was saying that a script based (Java) virus is being used in Jpeg image files, and that sites that allow uploads,need to take extra precautions. I did a little fast research online about Jpeg virus, and at one point in time,the thinking was even if a script was imbedded, it still needed a Trojan type .exe on a machine to do any damage. Seems like that has now changed, as this new script can do the damage all by itself. Came here to see if anybody else knew about this,and find bonni already on the ball. Getting that patch right now! I think this is a very important issue Renderosity, as well as all Graphic sites better look into ASAP!!!! SWAMP
Attached Link: http://support.microsoft.com/default.aspx?scid=kb;EN-US;873374
Any and all that pertain to the OS and software you have installed on your machine. Like if you have Windows XP sr1,Word 2002,and Microsoft Greeting,you will need to DL three patches. To make it easy,first DL and install the patch for your version of XP,or Server2003 (XP with the the new SR2 is not effected). Then go to this link and DL the GDI+ detection tool,which will tell you if you have anything else that needs to be patched. SWAMPOnly in Microsoft's world is possible jpeg images with virus! Well, the term "email virus" used to be quite literally a JOKE. It was impossible for a virus to be spread via email, back in the day. How nice of Microsoft to provide that functionality for us. :-) bonni
"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis
No, you can get just the patch for this. That's what I did. I don't want to install sp2 until they've fixed it. ;-) I just went to the Windows download site and chose the "custom install" or whatever they call it, and picked the updates I wanted. bonni
"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis
No,the Win2000 OS "itself" is not effected,and does not need to be patched. However you CAN STILL HAVE software/programs that are effected that will need to be patched (like Office,Word,PictureIT,etc.). Read what is listed on the site bonni linked to. If you are still not sure, DL the GDI+ detection tool which will search your system and inform you if you do have any of the software that can be effected. (I already gave you that link above). SWAMP
bonni: i received the sp2 update as an automatic download.... and i let it install itself (not knowing any better). it's fine - except that it wants to over-ride my native security package with its own.... (and i have a "peculiar" configuration on my home use PC - with many custom scripts and patches which i do not understand.)
Message edited on: 09/15/2004 09:35
bonni --
Thanks for the heads-up.
I've got SP2 installed on my machines at home.....the install went as smooth as a glass sea....no problems at all.
On the other hand, one of my co-workers at the office had severe problems resulting from the installation of SP2 on his machine. So, I haven't installed SP2 at the office yet.
I'll install this security patch.
Thanks again.
Installed the Windows XP sr1 patch. The GDI+ detection tool still says I am running software that may contain a security vulnerability even though I have NONE of the other programs listed. Perish the thought that they should provide a tool that tells you which program needs to be patched. Long live the evil microcrap empire. sarcasm
Damn it's easy to cause a buffer overrun on Windows systems. Until now we've seen tons of little patches for IE, Media Player, Outlook Express, Winamp etc. to prevent buffer overrun, but finally it looks like there's going to be protection from that kind of exploits on hardware (CPU) level. Which of course means even if the software is vulnerable the CPU won't let the buffer overrun happen. Anyway, it's good to be on Linux (though I still use Windows too). A couple of months ago there were some serious attempts to hack some Linux servers using ssh. Well, that wasn't very successfull as the hacking scripts were trying to guess the root password. If that's the best way to break into a Linux system I feel pretty safe.
Unfortunately there's no Poser for Linux, which is one of the few reasons I'm still using Windows. But as Peng found out Crossover Office (a Windows emulator for Linux, uses Wine but supports a wider range of apps) can run DAZ Studio. One can also run a whole Windows OS under Linux, with software like VMware, Win4Lin or Bochs. Even Poser will work then, but that requires an installation of a real Windows.
Well this is confusing, but will look into it... I use win2kpro SP4 full updated.. and hate word so don't have that..but what does word have to do with jpgs? I of course have paint programs and make jpgs all the time! Sheesh what a world we live in!
Life Requires Assembly and we all know how THAT goes!
The bug is in GDI+, which is .NET specific. If you don't have the .NET framework installed (most users don't have it) you're safe. Doesn't matter what Windows version you run.
The pen is mightier than the sword. But if you literally want to have some impact, use a typewriter
This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.
Attached Link: http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
This one definitely bears reading. Summary: This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section. If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. Microsoft recommends that customers apply the update immediately. Details provided at attached link."When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis