Lockdown.co.uk - The Home Computer Security Centre

LockDown is the source for security information and resources for the home computer user.




Web www.lockdown.co.uk   

Now even JPEG’s are scary for Windows users

Filed under: September 15, 2004

Almost unbelievably Microsoft have revealed that there is a critical flaw in their code that handles the display of JPEG Images in many Microsoft products including Windows XP, Office XP, Office 2003, Visual Studio .NET and even Internet Explorer. For years people have always held that JPEG’s are safe, they’re not executables and there’s no chance of them holding any malicious code, that was until now.

The flaw is that there is a potential for maliciously crafted JPEG image to create buffer overflow when viewed, executing malicious code in order to attack the users system.

This is particularly embarrassing for Microsoft as even they have held in the past that JPEG is a safe filetype. This news will no doubt receive much press attention and I bet Microsoft are thanking their lucky stars that they managed to get a set of patches created before details of the exploit went public.
Because so many products and components are affected it’s not easy to tell if you’re affected so Microsoft have created a tool that detects if your system is vulnerable.
Trustworthy Computing anyone?