The day JPEG images stopped being secure


Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

I am NOT joking here, people. Contrary to the popular belief that receiving and displaying images on a Windows OS is safe, it no longer is. To make things worse, a PoC has been released, so we can expect quite a few worms and viruses using this exploit in the coming days/weeks.

A full list of affected products can be found in, among other places, the Secunia bulletin.

If you run Windows XP and haven't updated to SP2, this might be a good time to do it. If you can't/won't, at least check the affected software list and install those patches.

Update 2004-09-24: According to an article in The Register, an exploit toolkit for this vulnerability has been spotted in the wild!


Wow. I run win 2k, and I'm not affected. Odd.

I finally installed SP2...
Seems to run smoothly.


About this Entry

This page contains a single entry by ServMe published on September 23, 2004 4:51 PM.
