Linked from Jim at [found.pale.org] ; bizzzare thing is that it was only a few days ago, I was theorising loudly and boozily on a London streetcorner in whether there might be something like this possible with Windows, because there have been such in the OSS space for a long time…
Notice especially the dig at P2P networks; were I an evil hacker, I’d try to slide one of these things into (say) a defacement at a major bank, or other portal…
The security hole is a buffer overflow that potentially allows an attacker to craft a special JPEG file that would take control of a victim’s machine when the user views it through Internet Explorer, Outlook, Word, and other programs. The poisoned picture could be displayed on a website, sent in email, or circulated on a P2P network.Windows XP, Windows Server 2003 and Office XP are vulnerable. Older versions of Windows are also at risk if the user has installed any of a dozen other Microsoft applications that use the same flawed code, the company said in its advisory. The newly-released Windows XP Service Pack 2 does not contain the hole, but vulnerable versions of Office running atop it can still be attacked if left unpatched. Patches are available from Microsoft’s website.
Leave a Reply