Resident Chimaeric Dingo
I'm reading through this and I think it broke my brain. Then again, I am not a technician.. I just happen to sit on the sidelines, point and laugh.
Yes, I will admit I am not intimately familiar with the exact mechanics regarding how the exploit functioned. But, the key point I was trying to make is still valid: image files do have the potential of causing damage if they are crafted in a specific manner. The WMF exploit has been patched now, but there is the possibility of more similar exploits being discovered and possibly utilized in the future.
Ok, now this is really REALLY the last I'll say of this. We've gotten way off topic here.
*facepalms* can we stop with the arguing and stuff about jpgs and crap? Its hurting my computer illiterit (and probably spelling) mind.
I do what I want.
So yea the WMF exploit exists but it's been patched for a long time.
However from what I've read about this exploit, it was used to execute remote code, not viruses/malware. The remote code would then issue a command for whatever it was meant to do, which could have been installing malware.
I mean technically, its still not a virus inside of a .jpg, its remote code inside of a ".jpg" which will then do whatever the fuck it was meant to do (possibly trigger a virus).
Whether it was a WMF exploit that effected the forum member in question or if it was something a bit more obvious like whatever.jpg.bin or whatever.jpg.exe is entirely up in the air.
The point still stands that the exploit has been long since patched up and I wouldn't think that it is going to be used much now that it has been patched for several years, so the .jpgs that Mr. Toolbars were uploaded are most likely safe because:
1. Like I said, the exploit has been patched for years.
2. Modern imageviewers check metadata.
3. If the first two failed, the browser you will be using to view the image in will check the metadata itself.
you give him far too much credit good sir(full disclosure: that's probably who this is)