The exploit was posted Thursday to the BugTraq and Full Disclosure mailing lists, which are read by both hackers and security professionals. The exploit doesn’t execute code, but it will crash unpatched Windows XP computers, and a reliable crash can be a precursor step to remote code execution.
A download counter at GulfTech Research, the site publishing the exploit, suggests that the code had been downloaded more than 32,000 times as of midday Saturday GMT.
The flaw was revealed by Microsoft Tuesday, along with a security update that addresses it. The announcement triggered alarm among the tech media and some security groups, while others counseled that the fear about the flaw was becoming somewhat overblown.
But the Internet Storm Center warns that the release of proof-of-concept (POC) code suggests a more dangerous exploit is probably in the works. “We have seen this same pattern in the past – a significant vulnerability is announced, followed in a few days by POC code that usually causes a system crash or denial of service condition, followed by a hunt to get a reliable and simple buffer overflow to work using universal stack pointer offsets,” the ISC noted. “Once an attack mechanism is perfected, then it’s just a matter of hours or days before worm code is launched.”
That creates a dilemma for IT staffs, since the extent of the flaw requires the patching of desktop machines running Microsoft software, any of which might be vulnerable to a JPEG exploit while browsing the Web in Internet Explorer or reading an HTML e-mail in Outlook.