A security flaw in the way many Microsoft applications process JPEG images could allow an attacker to gain control over a computer running the software, Microsoft warned this week.
Any program that processes JPEG images could be vulnerable, Microsoft says in Security Bulletin MS04-028. To take advantage of the flaw, an attacker would have to persuade a user to open a specially crafted image file. The image could be hosted on a Web site, included in an e-mail or Office document, or hosted on a local network, Microsoft says.
A wide range of Microsoft software, including various versions of its Windows and Office products, is vulnerable. Additionally, applications created with Microsoft’s Visual Studio developer tool or the .Net Framework and third-party applications that distribute their own copy of the vulnerable JPEG parsing engine may also be vulnerable, Microsoft says.
Software updates to correct the flaw in its products are available from Microsoft. The software maker also offers a tool to scan a PC for certain installed products that are known to contain the vulnerable JPEG image processing engine.
Leave a Reply