Google
Web pcflank.com
PC Flank Logo
 Make sure
you're protected
on all sides
 Test Your System
 PC Flank Leaktest NEW!
 Quick Test
 Stealth Test
 Browser Test
 Trojans Test
 Advanced Port Scanner
 Exploits Test
 Internet Speed Test NEW!
 Ask the experts
 Leak Tests Catalog NEW!
 Glossary
 Free Security Software
 Comparison & Download NEW!

 

Tip of the day
Regularly update your anti-virus software.
Security News

First JPEG virus on the move

September 16, 2004

Microsoft on Tuesday has announced its discovery of new and potentially critical type of computer virus--malicious code contained in a JPEG graphic file format.

It is the first time in a PC viruses' history, that a mere looking at a photo or picture of JPEG format might jeopardize the security of your machine. "It was someone saying that just looking at a JPEG on your screen can get you a virus," recalls Rob Rosenberg, editor of the debunking site Vmyths.com. "In '94 it was a myth, but in '04 it's the real thing... We've got the JPEG of death now."

The security hole is a buffer overflow that potentially allows an attacker to craft a special JPEG file that would take control of a victim's machine as soon as the file is viewed through Internet Explorer, Outlook, Word, Project, Visio, Picture It, Digital Image Pro and many other programs. The infested picture could be displayed on a website, sent in email, or circulated on a P2P network. The JPEG processing flaw enables a program hidden in an image file to execute on a victim's system. Microsoft has called this vulnerability "critical" and urges every Windows or Office user to get a patch found on its Office Update and Windows Update Web site.

Windows XP, Windows Server 2003 and Office XP are vulnerable. Older versions of Windows are also at risk if the user has installed any of a dozen other Microsoft applications that use the same flawed code, the company said in its advisory. The newly-released Windows XP Service Pack 2 does not contain the hole, but vulnerable versions of Office running on it can still be exploited if left unpatched.

The severity of the flaw had some security experts worried that a virus exploiting the issue may be on the way. "The potential is very high for an attack," said Craig Schmugar, virus research manager for security software company McAfee. "But that said, we haven't seen any proof-of-concept code yet." Such code illustrates how to abuse flaws and generally appears soon after a software maker publishes a patch for one of its products.

The JPEG bug emphasizes a growing number of vulnerabilities in code that displays image files. Mozilla developers last month patched the open-source browser against a critical hole discovered in a widely-deployed library for processing PNG images. And last July, Microsoft simultaneously fixed two image display holes in Internet Explorer: one that made users potentially vulnerable to maliciously-crafted BMP images, the second to corrupt GIF files. The GIF bug had been publicly disclosed 11 months earlier.

 
 
Start Page
Make "PC Flank" your   
Start Page!   
Make

 
Sponsored links


   
 
   
Outpost Firewall PRO 3.0 - complete protection on the Internet!

 
Privacy Policy
    Advertiser Info		 Site Map
    Contact Us

 
 
© 2011 PC Flank Ltd. All rights reserved.