Podcast Detail

SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9586.mp3


Reading Location Position Value in Microsoft Word Documents
Jessy investigated how Word documents store the last visited document location in the registry.
https://isc.sans.edu/diary/Reading%20Location%20Position%20Value%20in%20Microsoft%20Word%20Documents/32224

Weaponizing image scaling against production AI systems
AI systems often downscale images before processing them. An attacker can create a harmless-looking image that reveals text after downscaling, leading to prompt injection.
https://blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/

IBM Jazz Team Server Vulnerability CVE-2025-36157
IBM patched a critical vulnerability in its Jazz Team Server.
https://www.ibm.com/support/pages/node/7242925

Podcast Transcript

Hello and welcome to the Tuesday, August 26, 2025 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Baltimore, Maryland. And this episode is brought to you by the SANS.edu Bachelor's Degree Program in Applied Cybersecurity.

Jesse today summarized some interesting research that he performed looking into the reading location position value in Microsoft Word documents. What this refers to is if you open a document that you have looked at before, you may get a pop-up telling you, hey, do you just want to basically continue where you left off last time you opened this document? Well, it turns out that this position is stored inside the registry, but it's not quite that straightforward to decode the value that you find in the registry. And that's essentially what Jesse is walking you through here, figuring out how to decode the value defined in the registry, how to link it to a particular position in the document. Interesting way this is sort of being determined here and some interesting experiments as well may be useful if you have to prove, for example, that a user has read a particular part of the document or maybe modified a particular part of the document that they visited just when they last time closed the document.

And the Trail of Bits blog has an interesting attack against AI systems that are processing images among other data. The problem there or the feature really that they're exploiting is downscaling. Quite often when you are loading an image into an AI system, the AI system will then reduce the resolution in order to basically allow for more efficient processing of the image. But what the Trail of Bits blog is exploiting here is that, well, of course, as you're downscaling, there are subtle changes to the image. And by preparing an appropriate image, it's actually possible that there will be text overlaid to the image as you're downscaling it. And then we have that usual problem that we have so often in AI systems, prompt injection because they just can't sort of keep data and code separate. And of course, that classic bad pattern sort of kicks in here and an attacker is able to essentially inject a prompt just by uploading an image or by tricking the victim into uploading the image because in the original resolution, the text will not be visible and there won't be anything obviously wrong with the image. Trail of Bits suggests that you should refrain from downscaling images, that instead you just limit the allowable resolution of the image. That way, a user uploading an image would first have to downscale it themselves, which of course would first of all make the algorithm a little bit less predictable to the attacker. And secondly, the victim may then be able to actually see the text. Even though in the example that Trail of Bits has here as part of their blog, the text is not very visible to a human. And there have actually been similar attacks also, where basically you have text that's not very visible to a human but can be seen and interpreted by the AI tool that interprets the image. Well, basically bypass sort of any kind of cursory, at least visible, this inspection of the image.

And IBM is advising users to quickly patch their IBM Jazz Team Server. The vulnerability being addressed in the latest update that was just released well, Friday last week, allows for an unauthenticated remote attacker to update server configuration files, which as IBM puts it, could lead to perform unauthorized actions. I call it remote code execution, and the CVSS score of 9.8 kind of speaks to that. They also say that subsequently it will lead to a denial of service condition, which of course, if you do have unauthorized actions taking place first, is probably the least of your problems.

Well, that is it for today. So thanks for listening. Thanks for liking, subscribing, and recommending this podcast. And talk to you again tomorrow. Bye.