Windows JPEG Exploit

A vulnerability in the GDI+ API has been found on Windows systems that will allow a virus to be spread when a user views a JPEG file. GDI+ is the graphics rendering engine that both Internet Explorer and Outlook use to display JPEG files, which means that a virus could be spread to unprotected systems simply by going to a web site. In addition to Internet Explorer and Outlook, WS_FTP Pro 9.0.1 is also vulnerable. We have contacted the manufacturer about the problem and they are aware of it.

Because of this, the Help Desk and Microsoft highly recommend that all users update their Windows and Office software to protect themselves from this vulnerability. Microsoft has a web site at http://www.microsoft.com/security/bulletins/200409_jpeg.mspx specifically for this issue. The site has links to both Windows Update and Office Update, along with more information about the vulnerability. We also recommend going to http://isc.sans.org/gdiscan.php, which has a tool to scan your system for any vulnerable files.

At this time (9/23/2004), no viruses are known to use this vulnerability; however, example code has been written that does take advantage of it. In the past, major virus outbreaks came out within one week of example code being written for exploits. Because of this, we recommend updating systems sooner rather than later. This vulnerability will not affect programs such as Firefox, Opera and most graphics editing programs, as they do not use the GDI+ API.

Last Updated: 04/24/2008

Copyright © 2008, The University of Iowa, all rights reserved.