|
|
Microsoft JPEG Hoax!
Hi
Microsoft has recently started a campaign to update their software for an error in JPEG processing: Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987): http://www.microsoft.com/technet/sec.../MS04-028.mspx They claim that after the update their software is secure. However, this is WRONG! The reason is that they don't fix another fatal JPEG processing error in their software which is known for years and which can be reproduced by trying to open the following image file with Microsoft Explorer or other softwa http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! The error was solved in 1998 with release 6b of the Independent JPEG Group software, but there are still many applications in use, like Microsoft's Internet Explorer, which haven't been updated and thus crash with this error. Software based on IJG's v6b JPEG software library, which is available since 1998, is not affected by this problem. Regards Guido |
"Guido Vollbeding" wrote in message ... SNIP http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart |
"Guido Vollbeding" wrote in message ... SNIP http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart |
"Guido Vollbeding" wrote in message ... SNIP http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart |
Bart van der Wolf wrote:
http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart, may I say that it doesn't surprise me to see such response from someone like you ?;-) Regards Guido |
Bart van der Wolf wrote:
http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart, may I say that it doesn't surprise me to see such response from someone like you ?;-) Regards Guido |
Bart van der Wolf wrote:
http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart, may I say that it doesn't surprise me to see such response from someone like you ?;-) Regards Guido |
"Guido Vollbeding" wrote in message ...
Hi Microsoft has recently started a campaign to update their software for an error in JPEG processing: Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987): http://www.microsoft.com/technet/sec.../MS04-028.mspx They claim that after the update their software is secure. However, this is WRONG! The reason is that they don't fix another fatal JPEG processing error in their software which is known for years and which can be reproduced by trying to open the following image file with Microsoft Explorer or other softwa http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! The error was solved in 1998 with release 6b of the Independent JPEG Group software, but there are still many applications in use, like Microsoft's Internet Explorer, which haven't been updated and thus crash with this error. Software based on IJG's v6b JPEG software library, which is available since 1998, is not affected by this problem. Regards Guido -------- I just tried opening the test jpg and received the following message: "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." Only the message ... no shutdown ... no crash. I also use Win Pro. Could the problem be OS dependent? Don F |
"Guido Vollbeding" wrote in message ...
Hi Microsoft has recently started a campaign to update their software for an error in JPEG processing: Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987): http://www.microsoft.com/technet/sec.../MS04-028.mspx They claim that after the update their software is secure. However, this is WRONG! The reason is that they don't fix another fatal JPEG processing error in their software which is known for years and which can be reproduced by trying to open the following image file with Microsoft Explorer or other softwa http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! The error was solved in 1998 with release 6b of the Independent JPEG Group software, but there are still many applications in use, like Microsoft's Internet Explorer, which haven't been updated and thus crash with this error. Software based on IJG's v6b JPEG software library, which is available since 1998, is not affected by this problem. Regards Guido -------- I just tried opening the test jpg and received the following message: "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." Only the message ... no shutdown ... no crash. I also use Win Pro. Could the problem be OS dependent? Don F |
"Guido Vollbeding" wrote in message ... Bart van der Wolf wrote: http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart, may I say that it doesn't surprise me to see such response from someone like you ?;-) Of course you may, but it doesn't change the fact that the patch solved what you said would happen despite the patch. Bart |
| All times are GMT +1. The time now is 11:26 PM. |
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
PhotoBanter.com