ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Desktop platforms Toolkit in association with http://ad.doubleclick.net/clk;205413468;14699245;m?http://adfarm.mediaplex.com/ad/ck/2397-58840-22058-14

Windows PCs threatened by JPEG-handling flaw

Robet Lemos CNET News.com

Published: 15 Sep 2004 09:00 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The JPEG processing flaw enables a program hidden in an image file to execute on a victim's system. The flaw is unrelated to another image vulnerability found in early August. That vulnerability, in a common code library designed to support the Portable Network Graphics, or PNG, format, affected applications running on Linux, Windows and Apple's Mac OS X. Both the JPEG, which stands for Joint Photographic Experts Group, and PNG formats are commonly used by Web sites.

As part of a notification program that has been in place since April 2004, any customer that had signed a nondisclosure agreement with Microsoft received a three-day advance warning about the JPEG flaw.

"Some customers wanted to get more information, for planning purposes," Toulouse said, responding to media reports that premium customers were getting advanced notice of security issues. He directed interested customers to their Microsoft sales representative to get more information on the program. The information given to participants in the program is limited to the number of flaws, the applications affected and the maximum threat level assigned to the flaws.

The JPEG image-processing vulnerability is the latest flaw from Microsoft and the source of the company's 28th advisory this year. Microsoft frequently includes multiple issues in a single advisory; four advisories in April, for example, contained more than 20 vulnerabilities.

A second patch released by Microsoft on Tuesday fixes a flaw in the WordPerfect file converter in Microsoft Office, Publisher, Word and Works. That flaw is rated "important," Microsoft's second-highest threat level, just below "critical." The vulnerability would let an attacker take control of the victim's PC, if that user opened a malicious WordPerfect document.

More information on the second flaw can be found in the advisory on Microsoft's Web site. The software giant recommends that customers use Office Update to download the fix.

Next

Previous

1 2


  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
128 out of 328 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Desktop platforms



Company/Topic Alerts

Create a new alert from the list below:





Desktop Management Benchmarking

Test Your Desktop Management Systems

How good are your company's desktop management solutions? How do they compare with those of your peers?

Take two minutes to complete our new Desktop Management and Energy Consumption benchmark, and find out what issues your business needs to focus on.