Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Proof of concept code has been published. This means that someone with malicious intent will likely use it to create a virus or worm that spreads via .JPG files, probably within the next couple of weeks.
Many newer versions of Microsoft products are affected: Internet Explorer 6, Windows XP, XP SP1, Windows Server 2003, Office XP and its associated products (Word 2002, Outlook 2002, etc.), Office 2003 and its associated products (Word 2003, etc.), Project 2002/2003, Visio 2002/2003, most newer .NET products, Picture It! 7.0, Greetings 2002, and many more. Read the linked article above for a complete list.
Most older MS operating systems and products aren't affected, including Windows 2000 and Office 2000.
Windows XP with Service Pack 2 isn't affected.
Everyone is urged to run Windows Update as soon as practical. A GDI+ detection tool is available on Windows Update which will tell you if you have any vulnerable products on your system.
Also, make sure to be running an anti-virus program and keep it up to date. If my prediction comes true, I expect a virus spreading via .JPGs will spread fast and far.
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Proof of concept code has been published. This means that someone with malicious intent will likely use it to create a virus or worm that spreads via .JPG files, probably within the next couple of weeks.
Many newer versions of Microsoft products are affected: Internet Explorer 6, Windows XP, XP SP1, Windows Server 2003, Office XP and its associated products (Word 2002, Outlook 2002, etc.), Office 2003 and its associated products (Word 2003, etc.), Project 2002/2003, Visio 2002/2003, most newer .NET products, Picture It! 7.0, Greetings 2002, and many more. Read the linked article above for a complete list.
Most older MS operating systems and products aren't affected, including Windows 2000 and Office 2000.
Windows XP with Service Pack 2 isn't affected.
Everyone is urged to run Windows Update as soon as practical. A GDI+ detection tool is available on Windows Update which will tell you if you have any vulnerable products on your system.
Also, make sure to be running an anti-virus program and keep it up to date. If my prediction comes true, I expect a virus spreading via .JPGs will spread fast and far.
Comment