www.pcworld.com/news/article/0,aid,117776,00.asp
Microsoft Warns of Critical JPEG Flaw Handling of images could allow an attacker to take over your PC. Joris Evers, IDG News Service Tuesday, September 14, 2004 A security flaw in the way many Microsoft applications process JPEG images could allow an attacker to gain control over a computer running the software, Microsoft warned this week.
To take advantage of the flaw, an attacker would have to persuade a user to open a specially crafted image file. The image could be hosted on a Web site, included in an e-mail or Office document, or hosted on a local network, Microsoft says.
Net Framework and third-party applications that distribute their own copy of the vulnerable JPEG parsing engine may also be vulnerable, Microsoft says. Software updates to correct the flaw in its products are available from Microsoft. The software maker also offers a tool to scan a PC for certain installed products that are known to contain the vulnerable JPEG image processing engine.
Microsoft's rating system for security issues, vulnerabilities that could allow a malicious Internet worm to spread without any action required on the part of the user are rated critical. Issues that will not lead to the spread of a worm without any action taken by the user, but could still expose user data or threaten system resources, are rated important. The JPEG flaw was reported privately to Microsoft and it was not disclosed prior to the release of the warning and patches, the software maker says. There have been no reports of the issue being exploited, Microsoft says.
warned of a flaw in the WordPerfect 5x Converter that it supplies as part of Office 2000, Office XP, Office 2003, and recent editions of its Works Suite. The WordPerfect converter flaw, which Microsoft rates "important," could allow an attacker to gain full control over a victim's PC, Microsoft says. A software patch is available for the vulnerable products to fix the problem.
|