Saturday, September 25, 2004

JPeG Vulnerability Exploit

As I reported earlier, a vulnerability, which allows code execution, has been found in Microsoft's GDI+ JPEG decoder. Microsoft has posted detailed information on the vulnerability and affected systems in MS04-028.
A proof-of-concept exploit which executes code on the victim's computer when opening a JPG file has been posted to a public website.