Author Topic: Avast susceptible?  (Read 5349 times)

0 Members and 1 Guest are viewing this topic.

deceptionuk

  • Guest
Avast susceptible?
« on: September 30, 2004, 05:24:20 PM »
Hey all, long time user first time poster :)

I saw on a post in another forum that avast! was susceptible to the JPeg vulnerability, just as office is. Can anyone confirm this? The only way I can think of being infected via avast using the same way to process Jpegs and then through a skin.

Any info?
Many thanks,
Matt

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89438
  • No support PMs thanks
Re:Avast susceptible?
« Reply #1 on: September 30, 2004, 05:34:16 PM »
Hi, welcome to the forums.

I would have thought that getting the info from the horses mouth would be better (avast forums). Which forum and I hope you will put them straight, also ensuring that this vulnerability is patched is IMO the best course of action.

This has been discussed very recently and no avast isn't vulnerable a search of these forums on 'jpeg exploit' without the quotes returns several hits, this is just one of them.

http://forum.avast.com/index.php?board=2;action=display;threadid=7573;
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48700
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:Avast susceptible?
« Reply #2 on: September 30, 2004, 05:39:44 PM »
deceptionuk:
Welcome to the Forums.
I guess you didn't read or understand the whole Thread.
The current version of Avast contains protection against that exploit.
Avast v 4.1.418 VPS 0440-2 ;D
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:Avast susceptible?
« Reply #3 on: September 30, 2004, 05:50:08 PM »
Just a suggestion: kill the 'deception' user and start another, with 'happyuser'  ;)
I can't believe you use avast so long and have any deception with it  :P
The best things in life are free.

deceptionuk

  • Guest
Re:Avast susceptible?
« Reply #4 on: September 30, 2004, 06:03:21 PM »
Hehe thanks for the responses folks :)

I'll put the other forum straight, it's sad that it's one of the most popular security forums aswell.. some people are ignorant and this *particular* poster I don't especially care for so I thought I'd ask here :) Many thanks!

P.S. Deception is my nickname, sorta ;)

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11865
    • AVAST Software
Re:Avast susceptible?
« Reply #5 on: October 01, 2004, 01:23:34 PM »
I saw on a post in another forum that avast! was susceptible to the JPeg vulnerability, just as office is. Can anyone confirm this?

The statement seems to be completely wrong to me - it implies that avast! somehow displays JPEG files (with the buggy code). However, as far as I know, avast! doesn't use the troublesome GDI+ library at all (it's an antivirus, not an image viewer, right? ;D). And even if it did, it would only display its own JPEG file (and I don't think it actually has any) - not the user-supplied ones - so there wouldn't be any chance of misuse.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48700
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:Avast susceptible?
« Reply #6 on: October 01, 2004, 08:07:01 PM »
deceptionuk
It might be nice if you posted the information igor just gave us on the other forum to correct their erronious post. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31078
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Avast susceptible?
« Reply #7 on: October 01, 2004, 08:16:39 PM »
The jpeg exploit is only harmfull when you view a picture in jpg (jpeg) format with certain viewers (normally only MS ones) other viewers like PSP (Paint Shop Pro), ACDSee, PhotoShop (pro) can and will display the image without the risk of infection. They just show the picture itself and do not executed any code.

In fact the tecnic to implement other info into a picture was used many years ago to communicate between a blackmailer and the Dutch police. So basicly what we are talking about is really old news. Luckely, not much people are using this technic for bad purposes. (up to now that is)

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11865
    • AVAST Software
Re:Avast susceptible?
« Reply #8 on: October 01, 2004, 09:27:47 PM »
Well, there are certainly many ways of storing hidden information into an image; you are right, however, that the problematic piece of GDI+ library code is a "comment block".

Btw, exactly the same problem as the current GDI+ exploit was discovered in 2000 in Netscape browsers (see here for technical info). It didn't get much attention, however - the number of Netscape users probably wasn't as interesting target for virus writers as the number of IE users today.
« Last Edit: October 01, 2004, 09:36:59 PM by igor »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48700
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:Avast susceptible?
« Reply #9 on: October 01, 2004, 10:19:33 PM »
Igor:
Does that mean that Firefox might also be susceptible to this code? Or, is it a totally different product compared to Netscape?
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

conazus

  • Guest
Re:Avast susceptible?
« Reply #10 on: October 01, 2004, 10:21:41 PM »
Out of curiousity I installed Netscape 7.2 yesterday  (figured I would uninstall it later).     I found that it STILL does the illegal error thing it always used to do.   They did get around to adding some nice features to both it and its mail program.    BUT..  Ive uninstalled it totally and gone back to Firefox.    

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11865
    • AVAST Software
Re:Avast susceptible?
« Reply #11 on: October 01, 2004, 10:29:47 PM »
I really don't know what programs may the problem have propagated to.
According to the webpage I linked, the problem should have been fixed in Netscape 4.74 and Mozilla M16. However, when I tried in Netscape 4.80 in Windows 98, I got a nice bluescreen...