The day JPEG images stopped being secure
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
I am NOT joking here people. Against popular belief that receiving and displaying images on a windows OS is safe, it is no longer. To make things worse, POC has been released so we can expect quite some worms and virusses using this exploit in the next days/weeks.
A full list of products affected can be found amongst others in the Secunia bulletin.
If you run windows XP, and haven't updated to SP2, this might be a good time to do it. If you can't/won't, at least check the affected software list, and install those patches.
Update 2004-09-24 : According to an article in The Register, an exploit toolkit for this vulnerability has been spotted in the wild!
Posted by ServMe at September 23, 2004 4:51 PM
| Security Alert |