?

Log in

No account? Create an account
Not a pretty picture - Critical JPEG vulnerability discovered A new… - Peter Sheil [entries|archive|friends|userinfo]
Peter Sheil

[ website | Peter's Home Page ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

[Sep. 16th, 2004|03:52 pm]
Peter Sheil
Not a pretty picture - Critical JPEG vulnerability discovered
A new critical security vulnerability has been discovered by Microsoft which could enable JPEG image files to launch malicious code on a user's computer. Find out more and ensure you have the patches in place.

http://www.sophos.com/virusinfo/articles/critical16sep04.html
LinkReply

Comments:
[User Picture]From: kevinrtaylor
2004-09-16 08:13 am (UTC)
According to this one:
http://www.sophos.com/virusinfo/articles/perrun.html
the virus can only become active if your machine is already infected by a helper virus.
There is no need to update microsoft products to combat this virus. Just keeping your normal virus protection up to date should be all you need.
W32/Perrun-A is the helper virus.
(Reply) (Thread)
[User Picture]From: petersheil
2004-09-16 08:29 am (UTC)
I guess these are two different vulnerabilities - your link was to an article from June 2002 whilst mine came from a Sophos news letter I recieved today.
(Reply) (Parent) (Thread)
[User Picture]From: kevinrtaylor
2004-09-17 02:33 am (UTC)
I admit to confusion.
My link was at the bottom of the page you linked to but now I see from:
Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

that this is another programming error from Microsoft. How many buffer overrun problems do they need to have before they institute a policy of checking buffer limits on all new software? It's not that hard to do.
Conspiracy theory suggests that they deliberately include these problems to force customers to download and install the updates, which contain who-knows-what other "enhancements".
Maybe I'm being paranoid.
Or maybe someone is trying to trick me into thinking I'm paranoid.
(Reply) (Parent) (Thread)
[User Picture]From: petersheil
2004-09-17 08:40 am (UTC)
*shhh or he'll hear*
No Kevin, it's just one of those things. :)

Actually it all comes down to bad programming!
Blah! I smite Microsoft programmers with the wand of discontinuance which makes them all ... and then I'd really hurt them :)
(Reply) (Parent) (Thread)
From: tsunami_7
2004-09-16 10:21 am (UTC)
this is old news. the windows and the office update came out 2 days ago, or visit this link for more details or individual updates of software.

http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

...........................................................
talking about jpegs...
hey pete, don't know if you are into cameras but i just bought myself a canon powershot s60 digital camera with 5.0M pixel ('when unhappy shop' is my motto lol.) anyhoo, it takes amazing pics really really clear, so if you are after a camera i would strongly recommend this one. have been messing around with it and took some pics, it's so easy to use even my son has had a go --- we took pics of each other, i've put one of them up as my background_img on my lj --- of course being a designer i could not leave well enough alone, i had to dirty it up in photoshop! us designers are so typical...
(Reply) (Thread)
From: tsunami_7
2004-09-16 10:54 am (UTC)
oh, in case you are wondering about the 'black spatters', well there is only so much one can do with the cloning tool. i had an eye area that needed covering...you understand.
(Reply) (Parent) (Thread)
[User Picture]From: petersheil
2004-09-16 05:30 pm (UTC)
I understand.
(hugs)
(Reply) (Parent) (Thread)
[User Picture]From: petersheil
2004-09-16 05:28 pm (UTC)
I have a Minolta Dimage Z1; only 3.2M pixel but a 10x optical zoom and 4x digital so I can do real close-ups from a long way away :)

Before that my first camera was an Olympus Camedia some number or the other :) (maybe 2100?) Had a 3x optical zoom and through the lens view finder.

I'd actually like one of the new digital SLRs with the professional bodies and interchangeable lenses ... but I can't justify spendin that sort of money right now.

I think the link you gave is actually in the Sophos web page - I don't scan MS stuff all the time so the first I saw of it was on a weekly newsletter.

I'll have a look at your pic later ... probaly not tonight right now but later today, when I've slept a bit and then woken up :)

Peace and (hugs)
peter
(Reply) (Parent) (Thread)
[User Picture]From: petersheil
2004-09-16 05:32 pm (UTC)
That should have read "... my first digital camera was an Olympus ..."
derrr
(Reply) (Parent) (Thread)
From: fruitbatz
2004-09-17 03:52 am (UTC)
oh wow
(Reply) (Thread)