Avast susceptible?

Hey all, long time user first time poster :slight_smile:

I saw on a post in another forum that avast! was susceptible to the JPEG vulnerability, just as Office is. Can anyone confirm this? The only way I can think of being infected is via avast using the same way to process JPEGs and then through a skin.

Any info?
Many thanks,
Matt

Hi, welcome to the forums.

I would have thought that getting the info from the horse’s mouth would be better (avast forums). Which forum? I hope you will put them straight; also, ensuring that this vulnerability is patched is IMO the best course of action.

This has been discussed very recently and no, avast isn’t vulnerable. A search of these forums on ‘jpeg exploit’ without the quotes returns several hits; this is just one of them.

http://forum.avast.com/index.php?board=2;action=display;threadid=7573;

deceptionuk:
Welcome to the Forums.
I guess you didn’t read or understand the whole Thread.
The current version of Avast contains protection against that exploit.
Avast v 4.1.418 VPS 0440-2 ;D

Just a suggestion: kill the ‘deception’ user and start another, with ‘happyuser’ :wink:
I can’t believe you use avast so long and have any deception with it :stuck_out_tongue:

Hehe thanks for the responses folks :slight_smile:

I’ll put the other forum straight, it’s sad that it’s one of the most popular security forums as well… some people are ignorant and this particular poster I don’t especially care for so I thought I’d ask here :slight_smile: Many thanks!

P.S. Deception is my nickname, sorta :wink:

The statement seems to be completely wrong to me - it implies that avast! somehow displays JPEG files (with the buggy code). However, as far as I know, avast! doesn’t use the troublesome GDI+ library at all (it’s an antivirus, not an image viewer, right? ;D). And even if it did, it would only display its own JPEG file (and I don’t think it actually has any) - not the user-supplied ones - so there wouldn’t be any chance of misuse.

deceptionuk
It might be nice if you posted the information igor just gave us on the other forum to correct their erroneous post. :slight_smile:

The jpeg exploit is only harmful when you view a picture in jpg (jpeg) format with certain viewers (normally only MS ones); other viewers like PSP (Paint Shop Pro), ACDSee, PhotoShop (pro) can and will display the image without the risk of infection. They just show the picture itself and do not execute any code.

In fact the technique to implement other info into a picture was used many years ago to communicate between a blackmailer and the Dutch police. So basically what we are talking about is really old news. Luckily, not many people are using this technique for bad purposes. (up to now that is)

Well, there are certainly many ways of storing hidden information into an image; you are right, however, that the problematic piece of GDI+ library code is a “comment block”.

Btw, exactly the same problem as the current GDI+ exploit was discovered in 2000 in Netscape browsers (see here for technical info). It didn’t get much attention, however - the number of Netscape users probably wasn’t as interesting a target for virus writers as the number of IE users today.
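
As an added illustration (not part of any post in this thread, and not avast! or Microsoft code): the “comment block” mentioned above is the JPEG COM segment, whose 2-byte length field counts itself, so a declared length below 2 is malformed. The Python sketch below walks a file's header segments without decoding the image and flags such fields; the function names and the sample byte strings are constructed for the example.

```python
import struct

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
NO_LENGTH = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0-7 carry no length field

def scan_segments(data: bytes):
    """Walk JPEG header segments without decoding; return (offset, marker, length, problem) tuples."""
    if data[:2] != bytes([0xFF, SOI]):
        return [(0, None, None, "missing SOI marker")]
    findings, pos = [], 2
    while pos < len(data):
        start = pos
        if data[pos] != 0xFF:
            findings.append((start, None, None, "expected 0xFF marker prefix"))
            break
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos + 1 > len(data):
            findings.append((start, None, None, "truncated marker"))
            break
        marker = data[pos]
        pos += 1
        if marker == EOI:
            break
        if marker in NO_LENGTH:
            continue
        if pos + 2 > len(data):
            findings.append((start, marker, None, "truncated length field"))
            break
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:  # the field counts its own two bytes
            findings.append((start, marker, length, "length field below 2"))
            break  # segment boundaries are unknowable past this point
        if pos + length > len(data):
            findings.append((start, marker, length, "segment runs past end of file"))
            break
        if marker == SOS:  # entropy-coded image data follows
            break
        pos += length
    return findings

def malformed_comment(data: bytes) -> bool:
    """True if a COM segment declares a length below 2."""
    return any(m == COM and l is not None and l < 2 for _, m, l, _ in scan_segments(data))

# Constructed samples: a valid comment, and comments declaring length 0 and 1.
GOOD = b"\xff\xd8\xff\xfe" + struct.pack(">H", 7) + b"hello" + b"\xff\xd9"
BAD0 = b"\xff\xd8\xff\xfe\x00\x00\xff\xd9"
BAD1 = b"\xff\xd8\xff\xfe\x00\x01\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD0", BAD0), ("BAD1", BAD1)):
        print(name, scan_segments(blob))
```

The scan stops at the first malformed length because segment boundaries cannot be trusted after it, which is also why a scanner can reject such a file without ever rendering it.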

Igor:
Does that mean that Firefox might also be susceptible to this code? Or, is it a totally different product compared to Netscape?

Out of curiosity I installed Netscape 7.2 yesterday (figured I would uninstall it later). I found that it STILL does the illegal error thing it always used to do. They did get around to adding some nice features to both it and its mail program. BUT… I’ve uninstalled it totally and gone back to Firefox.

I really don’t know what programs the problem may have propagated to.
According to the webpage I linked, the problem should have been fixed in Netscape 4.74 and Mozilla M16. However, when I tried in Netscape 4.80 in Windows 98, I got a nice bluescreen…