hackfix-virusnews: Microsoft warns of poisoned picture peril
- From: "Christy" <snowz@xxxxxxxxxx>
- To: hackfix-virusnews@xxxxxxxxxxxxx
- Date: Thu, 16 Sep 2004 02:22:09 -0400
Microsoft warns of poisoned picture peril
By Kevin Poulsen, SecurityFocus
Published Wednesday 15th September 2004 07:39 GMT
The old bromide that promises you can't get a
computer virus by looking at an image file crumbled a
bit further Tuesday when Microsoft announced a
critical vulnerability in its software's handling of
the ubiquitous JPEG graphics format.
The security hole is a buffer overflow that
potentially allows an attacker to craft a special
JPEG file that would take control of a victim's
machine when the user views it through Internet
Explorer, Outlook, Word, and other programs. The
poisoned picture could be displayed on a website,
sent in email, or circulated on a P2P network.
Windows XP, Windows Server 2003 and Office XP are
vulnerable. Older versions of Windows are also at
risk if the user has installed any of a dozen other
Microsoft applications that use the same flawed code,
the company said in its advisory. The newly-released
Windows XP Service Pack 2 does not contain the hole,
but vulnerable versions of Office running atop it can
still be attacked if left unpatched. Patches are
available from Microsoft's website.
Read more here:
http://www.theregister.co.uk/2004/09/15/windows_jpeg_b
ug/
=A9 Copyright 2004
~*~*~*~*~
To unsubscribe from our list send an email
to hackfix-virusnews-request@xxxxxxxxxxxxx?Subject=unsubscribe.
For a complete list of email commands for our list send
an email to ecartis@xxxxxxxxxxxxx with a subject line of
"info hackfix-virusnews" without the quotes.
~*~*~*~*~
Other related posts:
- » hackfix-virusnews: Microsoft warns of poisoned picture peril
