"Guido Vollbeding" wrote in message ...
Hi
Microsoft has recently started a campaign to update their software
for an error in JPEG processing:
Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+)
Could Allow Code Execution (833987):
http://www.microsoft.com/technet/sec.../MS04-028.mspx

They claim that after the update their software is secure.
However, this is WRONG!
The reason is that they don't fix another fatal JPEG processing
error in their software which is known for years and which can
be reproduced by trying to open the following image file with
Microsoft Explorer or other softwa

http://sylvana.net/test/AP4.jpg

Opening this image file with faulty JPEG software can crash the
application or even the system!
The error was solved in 1998 with release 6b of the Independent
JPEG Group software, but there are still many applications in
use, like Microsoft's Internet Explorer, which haven't been
updated and thus crash with this error.
Software based on IJG's v6b JPEG software library, which
is available since 1998, is not affected by this problem.

Regards
Guido
--------
I just tried opening the test jpg and received the following message:
"Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience."

Only the message ... no shutdown ... no crash. I also use Win Pro. Could the problem be OS dependent?

Don F