MS04-028: Trojan.Ducky A/B exploits GDI+ vulnerabilities

Posted Thu, Sep 30 2004 15:11 by Harry Waldron

http://www.symantec.com/avcenter/venc/data/trojan.ducky.html
http://www.symantec.com/avcenter/venc/data/trojan.ducky.b.html

Trojan.Ducky is a downloader Trojan that exploits the Microsoft GDI+ Library JPEG Segment Length Integer Underflow vulnerability (as described in the Microsoft Security Bulletin MS04-028).
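As a defensive illustration of what "segment length integer underflow" means, the following added example (not code from Symantec, Microsoft, or the original post) walks the header segments of a JPEG and flags any length field a parser could mishandle. It relies on the JPEG format rule that a segment's 16-bit length counts its own two bytes, so any value below 2 is invalid; the function name and the sample bytes are constructed for this example.

```python
import struct

# Markers with no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))
SOS = 0xDA  # start of scan: entropy-coded data follows, header walk ends


def find_bad_segment_lengths(data: bytes):
    """Return [(offset, marker, length)] for header segments whose length
    field is below 2 (would underflow when 2 is subtracted) or which
    claim more bytes than the buffer holds."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    findings = []
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            break                      # lost marker sync; do not guess
        marker = data[pos + 1]
        if marker == 0xFF:             # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            findings.append((pos, marker, length))
            break                      # cannot safely step past this segment
        if marker == SOS:
            break
        pos += 2 + length
    return findings


# Constructed samples: SOI, one COM (0xFFFE) segment, EOI.
CLEAN = b"\xff\xd8" + b"\xff\xfe\x00\x07hello" + b"\xff\xd9"
BAD_ZERO = b"\xff\xd8" + b"\xff\xfe\x00\x00" + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("bad", BAD_ZERO)):
        print(name, find_bad_segment_lengths(blob))
```

A check like this belongs in a mail or upload gateway ahead of any image decoder; it is a triage filter, not a replacement for the MS04-028 patch.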

Comments

# re: MS04-028: Trojan.Ducky A/B exploits GDI+ vulnerabilities

Friday, October 01, 2004 9:19 AM by Harry Waldron

It seems that the AV industry is already a week late with this. We got mails with JPEG attachments containing the string Ducky as editor a week ago already, mailed as "Feedback" to our website.

We were just unsure what the malicious code in it was and didn't want to try it out.