Friday, September 17, 2004

Run Internet Explorer? Don't look at the pictures...

Microsoft have warned of an exploit affecting a large chunk of their programs where loading a malformed JPEG picture could allow your PC to be hacked. Don't worry though - it's only if you can be 'persuaded' to load said malformed JPEG. I hope this only works on the File / Open command in Internet Explorer. If it works on inline images (ie the images you see on a web page) there will be a lot of people being 'persuaded' to load these images right now.

1 comment:

Merg said...

Reading the Microsoft announcement, it appears that loading JPEGs from a website can indeed trigger the overflow vulnerability.

They claim that XP with SP2 isn't affected unless you've installed any of the other software that is... then you "might be". So, clear as mud for the average bod.

I spent part of today helping a friend clean up after a trojan infection brought about by browsing with IE... there were at least 7 different trojans installed.

No wonder I push Firefox at people...