Evo
24th Sep 2004, 13:21
Folks, there's a potentially very nasty problem (http://www.securityfocus.com/advisories/7211) with the way in which Windows displays jpeg images, which means that a machine could be vulnerable when viewing images on the web or when your e-mail program displays images contained in messages. As far as I know the problem is a proof of concept, but it's a fair bet that someone will find a use for it soon.
The most common software to be affected is Windows XP (with or without Service Pack 1), Internet Explorer 6 SP1 and Office XP SP3 or 2003. If you run any of these, you should take a look at Microsoft advice on jpg vulnerability (http://www.microsoft.com/security/bulletins/200409_jpeg.mspx).
It also affects many other Microsoft products, such as Publisher, Visio, Visual C++ etc. so if you run other Microsoft software you should check the full list here (http://securityresponse.symantec.com/avcenter/security/Content/11173.html).
Windows XP SP2 is not affected; however, it is possible to have multiple versions of the vulnerable library, so I think all affected products need to be patched individually (i.e. Windows XP SP2 users do still need to update Office). The MS link should provide the info you need.