« RČ» HKS
01-04-2006, 01:14 AM
I was on here yesterday and all of a sudden NIS 2006 popped up with a hack attempt. I checked it out only to find it came from TBF2. Not sure what's going on here?
Hmm I thought I had a screenshot of it, but here is what the log says:
3/01/06 7:46:31 PM Intrusion detected and blocked. All communication with TotalBF2.com (64.34.200.249)
Intrusion: ICC TagData Overflow
Same thing happened on 31/12/05 same attack.
Any ideas as to why would be appreciated. It sounds like there is an image file which contains malicious code somewhere on TBF2.
Thanks
Explanation of this attack from Symantec:
ICC Profile TagData Overflow
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects a buffer overflow condition in icm32.dll, exploited by rendering a malicious image file.
Additional Information
A buffer overflow has been reported in the icm32.dll. If the image contains International Color Consortium (ICC) data, icm32.dll will be loaded to process it.
A buffer overrun vulnerability exists in the processing of images that contain a large ICC tag data size for any of the following tag entry signatures:
1)rXYZ
2)bXYZ
3)gXYZ
The purpose of the International Color Consortium® (ICC) format is to provide a cross-platform device profile format. Such device profiles can be used to translate color data created on one device into another device's native color space. The acceptance of this format by operating system vendors allows end users to transparently move profiles and images with embedded profiles between different operating systems. For example, this allows a printer manufacturer to create a single profile for multiple operating systems.
Affected:
All Windows.
Response
Visit the Microsoft Security Bulletin Page for patches.
Possible False Positives
There are no known false positives associated with this signature.
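The Symantec description above comes down to one defect: the colour-management code trusted the size field of an rXYZ, gXYZ or bXYZ tag entry when reading an embedded profile. As an added example that is not part of the original post or of Symantec's text, the C below walks an ICC profile's tag table and rejects any tag whose declared data lies outside the profile or whose size is not the 20 bytes an XYZType tag holds, which is the check a hardened reader performs before copying tag data into a fixed-size structure. The profiles it checks are constructed in memory for this example, and the forged size values (0xFFFFFFF0 and 40) are illustrative, not taken from the actual exploit.

```c
/* Added example: bounds-checking walk over an ICC profile tag table.
 * Constructed test profiles; not code from the forum post or Symantec. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ICC_HEADER_SIZE    128u  /* fixed-size profile header */
#define ICC_TAG_ENTRY_SIZE 12u   /* signature, offset, size: big-endian u32 each */
#define ICC_XYZ_TAG_SIZE   20u   /* 'XYZ ' type sig + 4 reserved + one 12-byte XYZNumber */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

static int is_colorant_xyz(const uint8_t *sig)
{
    return memcmp(sig, "rXYZ", 4) == 0 || memcmp(sig, "gXYZ", 4) == 0 ||
           memcmp(sig, "bXYZ", 4) == 0;
}

/* Count tag entries that cannot be trusted: data starting inside the header or
 * tag table, data running past the declared profile size, or an XYZ colorant
 * tag whose size is not 20 bytes. Returns -1 if the header/table itself does
 * not fit. Copying `size` bytes into a 20-byte XYZ struct without these checks
 * is the overflow the NIS signature describes. */
int icc_count_bad_tags(const uint8_t *buf, size_t len)
{
    if (len < ICC_HEADER_SIZE + 4) return -1;
    uint32_t declared = be32(buf);                 /* bytes 0..3: profile size */
    if (declared > len) return -1;                 /* header claims bytes we lack */
    uint32_t ntags = be32(buf + ICC_HEADER_SIZE);
    uint64_t table_end = ICC_HEADER_SIZE + 4 + (uint64_t)ntags * ICC_TAG_ENTRY_SIZE;
    if (table_end > declared) return -1;

    int bad = 0;
    for (uint32_t i = 0; i < ntags; i++) {
        const uint8_t *e = buf + ICC_HEADER_SIZE + 4 + (size_t)i * ICC_TAG_ENTRY_SIZE;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        uint64_t end = (uint64_t)off + size;       /* 64-bit: offset+size cannot wrap */
        if (off < table_end || end > declared) { bad++; continue; }
        if (is_colorant_xyz(e) && size != ICC_XYZ_TAG_SIZE) bad++;
    }
    return bad;
}

/* Build a minimal 228-byte profile with rXYZ/gXYZ/bXYZ tags (constructed test
 * data). `rxyz_size` is written into the rXYZ entry so a caller can forge the
 * size field; the three 20-byte data blocks themselves are always in bounds. */
size_t build_test_profile(uint8_t *out, size_t cap, uint32_t rxyz_size)
{
    const char *sigs[3] = { "rXYZ", "gXYZ", "bXYZ" };
    const uint32_t total = ICC_HEADER_SIZE + 4 + 3 * ICC_TAG_ENTRY_SIZE + 3 * ICC_XYZ_TAG_SIZE;
    if (cap < total) return 0;
    memset(out, 0, total);
    put_be32(out, total);                          /* profile size */
    memcpy(out + 36, "acsp", 4);                   /* profile file signature */
    put_be32(out + ICC_HEADER_SIZE, 3);            /* tag count */
    for (uint32_t i = 0; i < 3; i++) {
        uint8_t *e = out + ICC_HEADER_SIZE + 4 + i * ICC_TAG_ENTRY_SIZE;
        uint32_t off = ICC_HEADER_SIZE + 4 + 3 * ICC_TAG_ENTRY_SIZE + i * ICC_XYZ_TAG_SIZE;
        memcpy(e, sigs[i], 4);
        put_be32(e + 4, off);
        put_be32(e + 8, i == 0 ? rxyz_size : ICC_XYZ_TAG_SIZE);
        memcpy(out + off, "XYZ ", 4);              /* XYZType data block */
    }
    return total;
}

/* Well-formed profile: expect 0 bad tags. */
int demo_wellformed(void)
{
    uint8_t p[256];
    size_t n = build_test_profile(p, sizeof p, ICC_XYZ_TAG_SIZE);
    return icc_count_bad_tags(p, n);
}

/* rXYZ size forged to 0xFFFFFFF0 (illustrative): in 32-bit arithmetic
 * 168 + 0xFFFFFFF0 wraps to 152, below the 228-byte profile size, so a naive
 * check would pass it; the 64-bit check rejects it. Expect 1. */
int demo_wrapped_size(void)
{
    uint8_t p[256];
    size_t n = build_test_profile(p, sizeof p, 0xFFFFFFF0u);
    return icc_count_bad_tags(p, n);
}

/* rXYZ size forged to 40: still inside the profile, but not a valid XYZType
 * size, so copying it into a 20-byte struct would overflow. Expect 1. */
int demo_oversized_xyz(void)
{
    uint8_t p[256];
    size_t n = build_test_profile(p, sizeof p, 40);
    return icc_count_bad_tags(p, n);
}
```

The two forged cases show why both checks are needed: the wrapped size defeats any check done in 32-bit arithmetic, while the in-bounds 40-byte tag passes the profile-size check and is caught only because the parser knows how large an XYZType tag is allowed to be.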