JPEGS of Death

[Phantasm66]

"Shortly after the initial proof of concept code was posted, some C language code was posted that would create a JPG file that starts a command prompt shell in Windows and opens a port. A hacking tool also became available that would allow anyone to create exploitable JPG files. On Monday, Easynews, a newsgroup service company reported getting the first JPG exploit virus."

As we recently reported, the Windows graphics vulnerability, whereby under certain conditions an attacker can compromise any computer running Windows when the user simply looks at a page with a malicious jpeg image, has made its way into the wild in the form of a virus. For the low down on this security danger, have a quick lookie here, where you can read all about the "JPEGS of Death".

To protect yourself from this threat, we recommend that you install Windows XP Service Pack 2, or update MS04-028.

 

[Didou]

Originally posted by Phantasm66
To protect yourself from this threat, we recommend that you install Windows XP Service Pack 2, or update MS04-028.

So the critical update (MS04-028) is included in SP2 ?

 

[me(who else?)]

Linux isn't vulnerable, right? (I'm pretty sure it said that, but I thought there might be a vulnerability)

 

[Mictlantecuhtli]

Nitpicking aside, Linux and Mac are vulnerable too.