[X4U] Major Graphics flaw

Craig craig at craigwdesigns.com
Fri Sep 17 04:59:33 PDT 2004


On Sep 17, 2004, at 3:04 AM, Eugene Lee wrote:

> On Fri, Sep 17, 2004 at 10:05:54AM +0200, Paul Moortgat wrote:
> :
> : Read it all in ZDNet
> :
> : Major graphics flaw threatens Windows PCs
> :
> : http://news.zdnet.com/2100-1009_22-5366314.html
>
> Old news.  Basically, there's a bug in way Windoze reads JPEGs that
> allows malicious code to get executed.

Not that old, they just announced it Tuesday. Maybe you're thinking the 
same thing I did when I read it in the news, I confused it with last 
month's png vulnerability (quote from the zdnet article):

"The flaw is unrelated to another image vulnerability found in early 
August. That vulnerability, in a common code library designed to 
support the Portable Network Graphics, or PNG, format, affected 
applications running on Linux, Windows and Apple's Mac OS X. Both the 
JPEG, which stands for Joint Photographic Experts Group, and PNG 
formats are commonly used by Web sites."

But here's the funny part!

" The JPEG image-processing vulnerability is the latest flaw from 
Microsoft and the source of the company's 28th advisory this year. 
Microsoft frequently includes multiple issues in a single advisory; 
four advisories in April, for example, contained more than 20 
vulnerabilities."

-Craig




More information about the X4U mailing list