View Full Version : Security - Dont touch that JPG!

15-09-2004, 03:56 PM
Havent seen this on PF1 either, so I figured I'd post:

Microsoft and JPG's just dont mix - At least on any product from the past 3 years that uses jpg files.

Affected software includes:
* Windows XP
* Windows XP Service Pack 1 (SP1)
* Windows Server 2003
* Internet Explorer 6 SP1
* Office XP SP3
Note Office XP SP3 includes Word 2002, Excel 2002, Outlook 2002, PowerPoint 2002, FrontPage 2002, and Publisher 2002.
* Office 2003
Note Office 2003 includes Word 2003, Excel 2003, Outlook 2003, PowerPoint 2003, FrontPage 2003, Publisher 2003, InfoPath 2003, and OneNote 2003.
* Digital Image Pro 7.0
* Digital Image Pro 9
* Digital Image Suite 9
* Greetings 2002
* Picture It! 2002 (all versions)
* Picture It! 7.0 (all versions)
* Picture It! 9 (all versions, including Picture It! Library)
* Producer for PowerPoint (all versions)
* Project 2002 SP1 (all versions)
* Project 2003 (all versions)
* Visio 2002 SP2 (all versions)
* Visio 2003 (all versions)
* Visual Studio .NET 2002
Note Visual Studio .NET 2002 includes Visual Basic .NET Standard 2002, Visual C# .NET Standard 2002, and Visual C++ .NET Standard 2002.
* Visual Studio .NET 2003
Note Visual Studio .NET 2003 includes Visual Basic .NET Standard 2003, Visual C# .NET Standard 2003, Visual C++ .NET Standard 2003, and Visual J# .NET Standard 2003.
* .NET Framework 1.0 SP2
* .NET Framework 1.0 SDK SP2
* .NET Framework 1.1
* Platform SDK Redistributable: GDI+

Apparently Windows XP SP2 isnt affected, but Im not sure if that means that IE 6 is still vulnerable or not on SP2 machines.


15-09-2004, 04:08 PM
well chill,
that must have everyone running scared. Have you tried the link?

Bruce, my curser is doing that thing again

15-09-2004, 04:36 PM
Now that there's no space, try here (http://news.google.com/?hl=en&ncl=http://www.mercurynews.com/mld/mercurynews/business/9662784.htm)

15-09-2004, 05:49 PM
Looks like theyre available now the office 2002 fixes from the officeupdate site, and XP SP2 picks up some GDI tool @ Windowsupdate.

15-09-2004, 06:19 PM
Yes Spacemannz
I got the GDI tool (for Windows ME) to check for Microsoft imaging software on my PC that may need the security update and it told me that there is none. I would have thought that Microsoft Photo Editor would have qualified.
Misty ?:|

15-09-2004, 09:56 PM
Picked it up earlier today.
Had to download a small program that was supposed to check the XP (with SP2) then go and pick up what was needed from another MS site. The page wasn't available.?:|
Whatever. Back to my Mac and I'll try again next time I boot up the XP.

16-09-2004, 05:14 AM
Hay Chill your post is just 13 hours old and this is what it leads to,_

No articles related to http://www.mercurynews.com/mld/mercuryn ews/business/9662784.htm were found.

Vince ?:|

16-09-2004, 05:24 AM
I just discovered your second link. I should learn to read to the bottom of the thread before making a post, shouldn't I? :8}

Interestingly I happened to visit windows update about an hour ago; no vulnerabilities. :-) Vince

16-09-2004, 07:25 AM
Windows Updates ( checked manually on my comp since I disabled auto updates ) now shows 2 critical for my 98SE.

(1) Security Update for IE6 Service Pack 1 (KB833989) 1.0MB

(2) Microsoft Detection Tool ( KB873374)

Haven't investigated No 2 ( As I'm using Firefox, there's no hurry)

But No 1 sure looks important for people using pix.

Murray P
16-09-2004, 09:27 AM
MS Security Releases (http://www.wired.com/news/infostructure/0,1377,64959,00.html?tw=wn_tophead_8)

It isn't so much a JPEG problem as a well ummm, you know, kind of like a feature in some MS products.

Laura, you should still patch IE even though you are using firefox, some of these things head straight for IE or it's hooks whether it's open or not. Ok :)

Cheers Murray P

16-09-2004, 11:09 AM
I wonder how that'd work if you followed my How-To (Edited kindly by another PF1 user, Ive forgotten your name sorry) on how to remove IE and replace it with Firefox :-/