Reported September 14, 2004, by Microsoft
VERSIONS AFFECTED
|
DESCRIPTION
A buffer-overrun vulnerability in the processing of JPEG image formats could
allow remote code execution on a vulnerable system. Any program that processes
JPEG images on the affected systems could be vulnerable to this attack, as
could any system that uses the affected programs or components. A potential
attacker who successfully exploited this vulnerability could take complete
control of an affected system.
VENDOR RESPONSE
Microsoft has released
security bulletin MS04-028, "Buffer Overrun in JPEG Processing (GDI+)
Could Allow Code Execution (833987)," to address this vulnerability and
recommends that affected users immediately apply the appropriate patch listed
in the bulletin.
CREDIT
Discovered by Nick DeBaggis.