NEWS FROM THE LAB - Thursday, September 23, 2004

JPG vulnerability exploit Posted by Gergo @ 14:27 GMT

As we reported earlier, a vulnerability, which allows code execution, has been found in Microsoft's GDI+ JPEG decoder. Microsoft has posted detailed information on the vulnerability and affected systems in MS04-028.

A proof-of-concept exploit which executes code on the victim's computer when opening a JPG file has been posted to a public website.


For anybody with unpached systems it is time to patch now.