Flaw in Microsoft JPEG Parsing
KDan writes "As reported by numerous sources, a new vulnerability has been disclosed (and patched) by Microsoft. This one concerns the parsing of JPEGs in XP Microsoft applications. A buffer overflow can be used to execute arbitrary code. So all those times you told your parents/friends that looking at images was safe - well, not anymore."
The problem is not "forcing" people to open attachments, the problem has always been that people open attachments.
Call me old school, but remember back in the day when opening e-mail was ok, and that executable attachments were what we watched out for? Images were ok, MIDI files were ok, and a bit later, even MP3 files were ok.
Of course if the same codebase were used then, it NEVER was ok...but we sure thought things were juuuust fine.
Is this any way related to the leaked code that led to a vuln discovery regarding BMP files? I know it's a different format but seems like parsing image files spells some trouble.
I like the phrase "no way to force users to visit a malicious Web site". How many users have image views enabled in their mail client? How hard would it be for a shady advertiser or a hacked advertiser to include a malicous JPEG as a banner ad?
Well yea because you wouldn't expect a file cabnet to shred your files.
On the other hand Microsoft spent years conditioning people to belive that computers just randomly shred your files.
Paying taxes to buy civilization is like paying a hooker to buy love.
"There is no way for an attacker to force a user to open a malicious file."
This has got to be one of the stupidest things MS has ever said.
It's called spam!!!
99.999% of email programs and browsers automatically "open" images for viewing
We all get spam
the image can be a logo or something nonsuspicious
embedded in the email
So you only have to read the email
to get infected