- 19 Jan 2005
FYI. While checking the link for "Who's Online" I clicked on a link that either a guest or a spider was viewing. My intrusion detection system notified me that someone was trying to get into my computer.
Whether this is serious or not I do not know. But according to Symantec it is. I was unable to use my back button as when I did I was informed that it was directing me to the attacking IP address. I had to completely shut down windows and re-boot my computer. I am also told that I have a malicious script in my temporary internet files.
This is the information:
Time: 10:26AM CDT
Date: 10/27/2005
Intrusion: ICC Profile TagData Overflow
Intruder: eupedia.jref.com(67.19.168.133)(http(80))
Risk Level: HIGH!
Attacked IP: localhost
Attacked Port: 2132
When I clicked on more info about the ip address I was informed of the following:
IP address: 67.19.168.133
Network: theplanet.com
Location: Dallas, Texas, USA
Node Name: 133.67-19-168,reverse.theplanet.com
Here is additional info I was given by my security software:
Here is additional info concerning the attack:
ICC Profile TagData Overflow
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects a buffer overflow condition in icm32.dll, exploited by rendering a malicious image file.
Additional Information
A buffer overflow has been reported in the icm32.dll. If the image contains International Color Consortium (ICC) data, icm32.dll will be loaded to process it.
A buffer overrun vulnerability exists in the processing of images that contain a large ICC tag data size for any of the following tag entry signatures:
1) rXYZ
2) bXYZ
3) gXYZ
The purpose of the International Color Consortium® (ICC) format is to provide a cross-platform device profile format. Such device profiles can be used to translate color data created on one device into another device's native color space. The acceptance of this format by operating system vendors allows end users to transparently move profiles and images with embedded profiles between different operating systems. For example, this allows a printer manufacturer to create a single profile for multiple operating systems.
Affected:
All Windows.
Response
Visit the Microsoft Security Bulletin Page for patches.
Possible False Positives
There are no known false positives associated with this signature.
Can anyone explain this to me?
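A defender-side check for the condition the signature above describes, as an added example that is not part of the original post and not Symantec's own detection logic: it walks an ICC profile's tag table (128-byte header, then a big-endian tag count and 12-byte entries, as laid out in the ICC specification) and reports any tag whose declared data size runs past the end of the profile, and any rXYZ/gXYZ/bXYZ entry that is not the 20 bytes an XYZType occupies. The profile-building helper produces constructed test data, not a real colour profile.

```python
import struct

HEADER_LEN = 128       # fixed ICC profile header length
TAG_ENTRY_LEN = 12     # signature(4) + offset(4) + size(4), all big-endian
XYZ_TAGS = {b"rXYZ", b"gXYZ", b"bXYZ"}
XYZ_TYPE_LEN = 20      # 'XYZ ' + 4 reserved bytes + one XYZNumber (3 x s15Fixed16)


def audit_icc_profile(data: bytes) -> list[str]:
    """Return findings for tag table entries that lie about their size or location.

    An empty list means every tag lies inside the profile and each colorant
    tag (rXYZ/gXYZ/bXYZ) declares exactly the size an XYZType must have.
    """
    findings = []
    if len(data) < HEADER_LEN + 4:
        return ["profile shorter than header plus tag count"]
    declared_size = struct.unpack_from(">I", data, 0)[0]
    if declared_size > len(data):
        findings.append(f"header claims {declared_size} bytes but only {len(data)} present")
    tag_count = struct.unpack_from(">I", data, HEADER_LEN)[0]
    if HEADER_LEN + 4 + tag_count * TAG_ENTRY_LEN > len(data):
        return findings + [f"tag table of {tag_count} entries overruns the profile"]
    for i in range(tag_count):
        sig, off, size = struct.unpack_from(">4sII", data, HEADER_LEN + 4 + i * TAG_ENTRY_LEN)
        name = sig.decode("latin-1")
        # An oversized tag data size is exactly what the icm32.dll signature looks for.
        if off + size > len(data):
            findings.append(f"tag {name}: offset {off} + size {size} exceeds profile length {len(data)}")
        if sig in XYZ_TAGS and size != XYZ_TYPE_LEN:
            findings.append(f"tag {name}: size {size} but an XYZType must be {XYZ_TYPE_LEN} bytes")
    return findings


def xyz_tag(x: int, y: int, z: int) -> bytes:
    """Encode one XYZType value: 'XYZ ' signature, 4 reserved bytes, three s15Fixed16 numbers."""
    return b"XYZ " + b"\x00" * 4 + struct.pack(">iii", x, y, z)


def build_profile(tags) -> bytes:
    """Assemble a constructed (test-only) profile from (signature, payload, declared_size) tuples.

    declared_size=None writes the true payload length; any other value lets a test
    produce a tag table entry whose size field does not match the data behind it.
    """
    data_start = HEADER_LEN + 4 + len(tags) * TAG_ENTRY_LEN
    table, body = b"", b""
    for sig, payload, declared in tags:
        size = len(payload) if declared is None else declared
        table += struct.pack(">4sII", sig, data_start + len(body), size)
        body += payload
    total = data_start + len(body)
    header = struct.pack(">I", total) + b"\x00" * 32 + b"acsp" + b"\x00" * 88  # 'acsp' at offset 36
    return header + struct.pack(">I", len(tags)) + table + body
```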