[X4U] Major Graphics flaw
Craig
craig at craigwdesigns.com
Fri Sep 17 04:59:33 PDT 2004
On Sep 17, 2004, at 3:04 AM, Eugene Lee wrote:
> On Fri, Sep 17, 2004 at 10:05:54AM +0200, Paul Moortgat wrote:
> :
> : Read it all in ZDNet
> :
> : Major graphics flaw threatens Windows PCs
> :
> : http://news.zdnet.com/2100-1009_22-5366314.html
>
> Old news. Basically, there's a bug in way Windoze reads JPEGs that
> allows malicious code to get executed.
Not that old, they just announced it Tuesday. Maybe you're thinking the
same thing I did when I read it in the news, I confused it with last
month's png vulnerability (quote from the zdnet article):
"The flaw is unrelated to another image vulnerability found in early
August. That vulnerability, in a common code library designed to
support the Portable Network Graphics, or PNG, format, affected
applications running on Linux, Windows and Apple's Mac OS X. Both the
JPEG, which stands for Joint Photographic Experts Group, and PNG
formats are commonly used by Web sites."
But here's the funny part!
" The JPEG image-processing vulnerability is the latest flaw from
Microsoft and the source of the company's 28th advisory this year.
Microsoft frequently includes multiple issues in a single advisory;
four advisories in April, for example, contained more than 20
vulnerabilities."
-Craig
More information about the X4U
mailing list