Buffer Overrun in Microsoft JPEG Processing (GDI+)

Reported September 14, 2004, by Microsoft


  • Windows Server 2003
  • Windows XP
  • Microsoft Office 2003
  • Microsoft Office XP
  • Microsoft Project 2002 and 2003
  • Microsoft Visio 2002 and 2003
  • Microsoft Visual Studio .NET 2002 and 2003
  • Microsoft Windows .NET Framework 1.0 SDK Service Pack 2
  • Microsoft Picture It! 2002 versions 7.0 and 9
  • Microsoft Greetings 2002
  • Microsoft Digital Image Pro versions 7.0 and 9
  • Microsoft Digital Image Suite 9
  • Microsoft Producer for Microsoft Office PowerPoint
  • Microsoft Platform SDK Redistributable: GDI+

A buffer-overrun vulnerability in the processing of JPEG image formats could allow remote code execution on a vulnerable system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, as could any system that uses the affected programs or components. A potential attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft has released security bulletin MS04-028, "Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

Discovered by Nick DeBaggis.
