Microsoft warns of poisoned picture peril By Kevin Poulsen, SecurityFocus Published Wednesday 15th September 2004 07:39 GMT The old bromide that promises you can't get a computer virus by looking at an image file crumbled a bit further Tuesday when Microsoft announced a critical vulnerability in its software's handling of the ubiquitous JPEG graphics format. The security hole is a buffer overflow that potentially allows an attacker to craft a special JPEG file that would take control of a victim's machine when the user views it through Internet Explorer, Outlook, Word, and other programs. The poisoned picture could be displayed on a website, sent in email, or circulated on a P2P network. Windows XP, Windows Server 2003 and Office XP are vulnerable. Older versions of Windows are also at risk if the user has installed any of a dozen other Microsoft applications that use the same flawed code, the company said in its advisory. The newly-released Windows XP Service Pack 2 does not contain the hole, but vulnerable versions of Office running atop it can still be attacked if left unpatched. Patches are available from Microsoft's website. Read more here: http://www.theregister.co.uk/2004/09/15/windows_jpeg_b ug/ =A9 Copyright 2004 ~*~*~*~*~ To unsubscribe from our list send an email to hackfix-virusnews-request@xxxxxxxxxxxxx?Subject=unsubscribe. For a complete list of email commands for our list send an email to ecartis@xxxxxxxxxxxxx with a subject line of "info hackfix-virusnews" without the quotes. ~*~*~*~*~