TGA is an image file format supported by the Windows operating system. TGA is typically used to save files in a compressed form. TGA files are typically created using paint or graphics software. TGA files are typically located in the "C:\Windows\System32\" folder. An attacker could leverage this location to place a malicious TGA file where an unsuspecting user could access it, which could lead to a memory corruption vulnerability. Once the user downloaded and opened the malicious TGA file, the user would be redirected to a malicious website.


Vulnerability Analysis

The TGA file location is typically not visible to the user, so an attacker would have to know where the folder is located. However, once an attacker knows this information, they could leverage this location to place a malicious TGA file in a directory that the unsuspecting user could access. The TGA file placed there would lead to a possible memory corruption vulnerability. Once the user downloaded and opened the malicious TGA file, they would be redirected to a malicious website.

Once the user downloads and opens this malicious TGA file, they will be directed to a malicious website that provides malware under the guise of an update for their security software package.

TIFF Image File Format

TIFF is an image file format that is often used with scanners and digital cameras. Image files are saved in TIFF format for editing in photo editing software. Typically, the TIFF files are saved in "C:\Windows\System32\tiff".

TGA Image File Header Format

The TGA format uses a separate header to describe the location, size, and optionally other information associated with the file. The following is an example of a TGA header:

Image Width = 800
Image Height = 600
Bytes Per Line And Image = 64
Image Type = 0x4F4D4C454741
Data Size In Bytes = 406428
Length Of Data File = 406428 bytes (40 bytes from this point until end-of-file)
TGA File Name = "C:\Windows\System32\svchost.exe"

VBScript Memory Corruption Vulnerability

Microsoft VBScript is a scripting language used by Microsoft Windows. This vulnerability allows an attacker to place a malicious TGA file in a location that the unsuspecting user could access, which could lead to a memory corruption vulnerability. Once the user downloaded and opened the malicious TGA file, the user would be redirected to a malicious website with a script embedded in it that would execute when the user's system accessed it.

Timeline

Published on: 10/21/2022 16:15:00 UTC
Last modified on: 10/24/2022 13:41:00 UTC
