If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Microsoft JPEG Hoax!
Hi
Microsoft has recently started a campaign to update their software for an error in JPEG processing: Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987): http://www.microsoft.com/technet/sec.../MS04-028.mspx They claim that after the update their software is secure. However, this is WRONG! The reason is that they don't fix another fatal JPEG processing error in their software which is known for years and which can be reproduced by trying to open the following image file with Microsoft Explorer or other softwa http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! The error was solved in 1998 with release 6b of the Independent JPEG Group software, but there are still many applications in use, like Microsoft's Internet Explorer, which haven't been updated and thus crash with this error. Software based on IJG's v6b JPEG software library, which is available since 1998, is not affected by this problem. Regards Guido |
#2
|
|||
|
|||
"Guido Vollbeding" wrote in message ... SNIP http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart |
#3
|
|||
|
|||
"Guido Vollbeding" wrote in message ... SNIP http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart |
#4
|
|||
|
|||
"Guido Vollbeding" wrote in message ... SNIP http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart |
#5
|
|||
|
|||
Bart van der Wolf wrote:
http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart, may I say that it doesn't surprise me to see such response from someone like you ?;-) Regards Guido |
#6
|
|||
|
|||
Bart van der Wolf wrote:
http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart, may I say that it doesn't surprise me to see such response from someone like you ?;-) Regards Guido |
#7
|
|||
|
|||
Bart van der Wolf wrote:
http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart, may I say that it doesn't surprise me to see such response from someone like you ?;-) Regards Guido |
#8
|
|||
|
|||
"Guido Vollbeding" wrote in message ...
Hi Microsoft has recently started a campaign to update their software for an error in JPEG processing: Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987): http://www.microsoft.com/technet/sec.../MS04-028.mspx They claim that after the update their software is secure. However, this is WRONG! The reason is that they don't fix another fatal JPEG processing error in their software which is known for years and which can be reproduced by trying to open the following image file with Microsoft Explorer or other softwa http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! The error was solved in 1998 with release 6b of the Independent JPEG Group software, but there are still many applications in use, like Microsoft's Internet Explorer, which haven't been updated and thus crash with this error. Software based on IJG's v6b JPEG software library, which is available since 1998, is not affected by this problem. Regards Guido -------- I just tried opening the test jpg and received the following message: "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." Only the message ... no shutdown ... no crash. I also use Win Pro. Could the problem be OS dependent? Don F |
#9
|
|||
|
|||
"Guido Vollbeding" wrote in message ...
Hi Microsoft has recently started a campaign to update their software for an error in JPEG processing: Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987): http://www.microsoft.com/technet/sec.../MS04-028.mspx They claim that after the update their software is secure. However, this is WRONG! The reason is that they don't fix another fatal JPEG processing error in their software which is known for years and which can be reproduced by trying to open the following image file with Microsoft Explorer or other softwa http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! The error was solved in 1998 with release 6b of the Independent JPEG Group software, but there are still many applications in use, like Microsoft's Internet Explorer, which haven't been updated and thus crash with this error. Software based on IJG's v6b JPEG software library, which is available since 1998, is not affected by this problem. Regards Guido -------- I just tried opening the test jpg and received the following message: "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." Only the message ... no shutdown ... no crash. I also use Win Pro. Could the problem be OS dependent? Don F |
#10
|
|||
|
|||
"Guido Vollbeding" wrote in message ... Bart van der Wolf wrote: http://sylvana.net/test/AP4.jpg Opening this image file with faulty JPEG software can crash the application or even the system! It doesn't crash my Windows Internet Explorer (after the patch on XP Pro). Bart, may I say that it doesn't surprise me to see such response from someone like you ?;-) Of course you may, but it doesn't change the fact that the patch solved what you said would happen despite the patch. Bart |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
JPEG Questions: Loss In Quality When "Saving" | Xtx99 | General Photography Techniques | 3 | April 8th 04 04:25 PM |
Try this pack that came from the Microsoft Corp. | splitload | Film & Labs | 0 | October 13th 03 11:27 PM |
Try this pack that came from the Microsoft Corp. | splitload | APS Photographic Equipment | 0 | October 13th 03 11:27 PM |
Try this pack that came from the Microsoft Corp. | splitload | Other Photographic Equipment | 0 | October 13th 03 11:27 PM |