JPEG vulnerability afflicts Microsoft software


— 4:36 AM on September 15, 2004

Windows users have a new critical vulnerability to worry about, and this one's potentially nasty. According to Microsoft, a buffer overrun in JPEG processing could allow remote code execution. A host of operating systems and applications are affected, including Windows XP SP1, Windows Server 2003, Office XP and 2003, and several versions of Project, Visio, Visual Studio .NET, just to name a few.

As ZDNet points out, this latest vulnerability has the potential to be very nasty:

The critical flaw has to do with how Microsoft's operating systems and other software process the widely used JPEG image format and could let attackers create an image file that would run a malicious program on a victim's computer as soon as the file is viewed. Because the software giant's Internet Explorer browser is vulnerable, Windows users could fall prey to an attack just by visiting a Web site that has affected images.
Time to get patching. Thanks to TR reader JT for the tip.
Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.