«
Expand/Collapse
27 items tagged "jpeg"
Related tags:
based buffer overflow [+],
apple quicktime [+],
image [+],
code execution [+],
integer overflow vulnerability [+],
zero [+],
vulnerability [+],
store pointers [+],
red hat security [+],
red [+],
ktopam [+],
jpeg 2000 [+],
jasper library [+],
jasper [+],
idefense security advisory [+],
graphics file formats [+],
global stream [+],
day [+],
adobe systems inc [+],
adobe [+],
steganography [+],
steganographic software [+],
remote [+],
presentation [+],
picasa [+],
paint [+],
overflow error [+],
overflow [+],
microsoft paint [+],
microsoft [+],
mainstream tv [+],
integer overflow [+],
integer [+],
image processing [+],
google picasa [+],
google [+],
forensic analysts [+],
abu dhabi [+],
x imageio [+],
windows [+],
win [+],
totto [+],
sincerly [+],
safer use [+],
multiple [+],
memory corruption [+],
mac os x [+],
keylogger [+],
jpeg2000 [+],
framework [+],
flashpix [+],
file jpeg [+],
cve [+],
code [+],
cod [+],
che [+],
buffer overflow vulnerability [+],
buffer [+],
apple mac os x [+],
apple mac os [+],
apple itunes [+],
Generali [+],
Discussioni [+]
-
-
![Permalink for '[Slides] Introduction to More Advanced Steganography'](/themes/lilina/web//media/mark_off.gif)
21:48
»
SecDocs
Tags:
steganography Event:
Black Hat Abu Dhabi 2011 Abstract: Steganography has advanced tremendously in the last few years and simple concepts have even been presented on mainstream TV. However, more sophisticated techniques are less well-known and may be overlooked by forensic analysts and even Steganalysis software. This presentation will showcase several more advanced (and some unpublished) steganographic techniques, some with a very high data hiding capacities. One technique successfully hides 15% to 20% of data in a jpeg and YOU can't tell! That means your 8 MB jpeg image may contain 1.6 MB of covert data! An audio CD contains about 700 MB of data – even a modest 1% capacity allows for 7 MB of data. The presentation embeds working demonstrations of several steganographic software programs so YOU can decide the effectiveness for yourself. Can you see or hear it? Will it be flagged by Steganalysis programs? We shall see … or not!
-
21:48
»
SecDocs
Tags:
steganography Event:
Black Hat Abu Dhabi 2011 Abstract: Steganography has advanced tremendously in the last few years and simple concepts have even been presented on mainstream TV. However, more sophisticated techniques are less well-known and may be overlooked by forensic analysts and even Steganalysis software. This presentation will showcase several more advanced (and some unpublished) steganographic techniques, some with a very high data hiding capacities. One technique successfully hides 15% to 20% of data in a jpeg and YOU can't tell! That means your 8 MB jpeg image may contain 1.6 MB of covert data! An audio CD contains about 700 MB of data – even a modest 1% capacity allows for 7 MB of data. The presentation embeds working demonstrations of several steganographic software programs so YOU can decide the effectiveness for yourself. Can you see or hear it? Will it be flagged by Steganalysis programs? We shall see … or not!
-
-
16:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
18:23
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1811-01 - The netpbm packages contain a library of functions which support programs for handling various graphics file formats, including .pbm, .pgm, .pnm, .ppm, and others. Two heap-based buffer overflow flaws were found in the embedded JasPer library, which is used to provide support for Part 1 of the JPEG 2000 image compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker could create a malicious JPEG 2000 compressed image file that could cause jpeg2ktopam to crash or, potentially, execute arbitrary code with the privileges of the user running jpeg2ktopam. These flaws do not affect pamtojpeg2k.
-
18:23
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1811-01 - The netpbm packages contain a library of functions which support programs for handling various graphics file formats, including .pbm, .pgm, .pnm, .ppm, and others. Two heap-based buffer overflow flaws were found in the embedded JasPer library, which is used to provide support for Part 1 of the JPEG 2000 image compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker could create a malicious JPEG 2000 compressed image file that could cause jpeg2ktopam to crash or, potentially, execute arbitrary code with the privileges of the user running jpeg2ktopam. These flaws do not affect pamtojpeg2k.
-
18:23
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1811-01 - The netpbm packages contain a library of functions which support programs for handling various graphics file formats, including .pbm, .pgm, .pnm, .ppm, and others. Two heap-based buffer overflow flaws were found in the embedded JasPer library, which is used to provide support for Part 1 of the JPEG 2000 image compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker could create a malicious JPEG 2000 compressed image file that could cause jpeg2ktopam to crash or, potentially, execute arbitrary code with the privileges of the user running jpeg2ktopam. These flaws do not affect pamtojpeg2k.
-
-
7:14
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1807-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer to crash or, potentially, execute arbitrary code.
-
7:14
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1807-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer to crash or, potentially, execute arbitrary code.
-
7:14
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1807-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer to crash or, potentially, execute arbitrary code.
-
-
17:57
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-295 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles flashpix files. When a flashpix contains a tile that has a Compression Type 0x2 (JPEG) and an 'JPEG tables selector' value that is bigger then the global stream property 'Maximum JPEG table index', Quicktime will write outside the global JPEG table. This corruption could lead to remote code execution under the context of the current user.
-
17:57
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-295 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles flashpix files. When a flashpix contains a tile that has a Compression Type 0x2 (JPEG) and an 'JPEG tables selector' value that is bigger then the global stream property 'Maximum JPEG table index', Quicktime will write outside the global JPEG table. This corruption could lead to remote code execution under the context of the current user.
-
17:57
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-295 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles flashpix files. When a flashpix contains a tile that has a Compression Type 0x2 (JPEG) and an 'JPEG tables selector' value that is bigger then the global stream property 'Maximum JPEG table index', Quicktime will write outside the global JPEG table. This corruption could lead to remote code execution under the context of the current user.
-
-
4:22
»
Packet Storm Security Advisories
iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Reader could allow an attacker to execute arbitrary code with the privileges of the current user. JPEG2000 (JP2K) is an image file format similar to JPEG. In addition to JPEG markers, JP2K files also provide "boxes" that define different image properties. JP2K is one of the image formats supported by Adobe Reader and Acrobat. The vulnerability occurs when parsing a JPEG2000 file embedded inside of a PDF file. Several different JP2K record types are involved in the vulnerability. It is possible to increment a buffer index beyond the allocated data, and store pointers to file data at that location. This can result in the corruption of heap structures and application data, which leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Adobe Reader and Acrobat versions 9.4 and 8.2.5. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-03.
-
4:22
»
Packet Storm Security Recent Files
iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Reader could allow an attacker to execute arbitrary code with the privileges of the current user. JPEG2000 (JP2K) is an image file format similar to JPEG. In addition to JPEG markers, JP2K files also provide "boxes" that define different image properties. JP2K is one of the image formats supported by Adobe Reader and Acrobat. The vulnerability occurs when parsing a JPEG2000 file embedded inside of a PDF file. Several different JP2K record types are involved in the vulnerability. It is possible to increment a buffer index beyond the allocated data, and store pointers to file data at that location. This can result in the corruption of heap structures and application data, which leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Adobe Reader and Acrobat versions 9.4 and 8.2.5. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-03.
-
4:22
»
Packet Storm Security Misc. Files
iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Reader could allow an attacker to execute arbitrary code with the privileges of the current user. JPEG2000 (JP2K) is an image file format similar to JPEG. In addition to JPEG markers, JP2K files also provide "boxes" that define different image properties. JP2K is one of the image formats supported by Adobe Reader and Acrobat. The vulnerability occurs when parsing a JPEG2000 file embedded inside of a PDF file. Several different JP2K record types are involved in the vulnerability. It is possible to increment a buffer index beyond the allocated data, and store pointers to file data at that location. This can result in the corruption of heap structures and application data, which leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Adobe Reader and Acrobat versions 9.4 and 8.2.5. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-03.
-
-
9:01
»
Packet Storm Security Recent Files
Secunia Research has discovered two vulnerabilities in SWFTools, which can be exploited by malicious people to compromise a user's system. An integer overflow error within the getPNG() function in lib/png.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. An integer overflow error within the jpeg_load() function in lib/jpeg.c can be exploited to cause a heap-based buffer overflow via specially crafted JPEG images.
-
9:00
»
Packet Storm Security Advisories
Secunia Research has discovered two vulnerabilities in SWFTools, which can be exploited by malicious people to compromise a user's system. An integer overflow error within the getPNG() function in lib/png.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. An integer overflow error within the jpeg_load() function in lib/jpeg.c can be exploited to cause a heap-based buffer overflow via specially crafted JPEG images.
-
-
10:32
»
remote-exploit & backtrack
Salve a tutto il forum,
vi scrivo per sottoporvi una richiesta a livello di tools.
Avrei necessità di provare a stenografare un keylogger all'interno di un jpeg. E mi servirebbero:
a) il keylogger che deve poter essere autoinstallante, nonché avere unica funzione per poter mandare vie email i dati acquisiti. Parecchio tempo fa avevo trovato un programma del genere ma non ricordo il nome. Mandava report ogni tot di ore a seconda dell'impostazioni e prendeva totto lo stream di input da tastiera. Nessuna funzione avanzata oltre a questa.
b) per la stenografia nel file jpeg ho visto che c'è solo parecchia fuffa in giro, avreste qualche nome interessante?
Vi ringrazio per l'aiuto, e/o per le dritte.
PS:Non vi chiedo di mandarmi il software o di spiegarmene il funzionamento, ci mancherebbe altro, ma di indirizzarmi verso risorse autorevoli.
Sincerly,
Fandonius :)
