NEWS FROM THE LAB - Tuesday, October 5, 2004

Renewed notice on the GDI+ JPG vulnerability
Posted by Mikko @ 23:09 GMT

We've posted another notice on the JPG vulnerability, trying to get people to patch before it's too late.

A couple of notes on this vulnerability:

- Filtering files with the .JPG extension won't protect you much. Bad JPGs can be renamed to .BMP or even .ICO and they still work fine.

- To update Word, Excel and other Office tools, most users need to visit officeupdate.microsoft.com - but keep your Office installation CD handy!

- In some cases, Internet Explorer will run into the vulnerability before it has saved the offending JPG file to the IE cache folder - which means most workstation antivirus products won't have a chance to scan it before it's too late. Gateway-based antivirus scanners (like F-Secure Internet Gatekeeper) take care of this problem

- However, exploiting Internet Explorer with this vulnerability seems to be particularly hard. Exploiting Windows XP's EXPLORER.EXE while viewing local JPG files is much easier, and several toolkits to create JPGs like this exist. This reduces the likelihood of a mass-mailer worm appearing that uses this vulnerability.

- Finally, if you scan JPGs with this exploit embedded in them, F-Secure Anti-virus will detect them
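
The first point above, as an added example (not F-Secure's code or detection logic): a filter that decides what to scan from the file's content instead of its name, and that also flags JPEG segments whose declared length is structurally invalid. The function names and the sample byte strings are constructed for this illustration, and the length check is a generic well-formedness test, not a signature for this exploit.

```python
import struct

def is_jpeg(data: bytes) -> bool:
    """Identify a JPEG by content: SOI marker (FF D8) followed by another marker."""
    return data[:3] == b"\xff\xd8\xff"

def malformed_segments(data: bytes) -> list:
    """Walk the marker segments after SOI and return (offset, marker) for any
    segment whose length field is below 2 or runs past the end of the data."""
    bad, pos = [], 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                      # EOI: end of image
            break
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:  # markers with no length field
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            bad.append((pos, marker))
            break                               # cannot resynchronise reliably
        if marker == 0xDA:                      # SOS: compressed data follows
            break
        pos += 2 + length
    return bad

def triage(name: str, data: bytes) -> str:
    """Classify by content; the file name is deliberately ignored."""
    if not is_jpeg(data):
        return "not-jpeg"
    return "jpeg-malformed" if malformed_segments(data) else "jpeg-ok"

# Constructed sample inputs (not real files).
GOOD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00\xff\xd9"
TRUNCATED = b"\xff\xd8" + b"\xff\xe1\x00\x40" + b"Exif"   # declares 64 bytes, has 4
SAMPLES = {
    "holiday.jpg": GOOD,
    "logo.bmp": GOOD,                    # JPEG content under a .BMP name
    "favicon.ico": TRUNCATED,            # malformed JPEG content under an .ICO name
    "chart.bmp": b"BM" + b"\x00" * 24,   # a file that is not a JPEG at all
}

def missed_by_extension_filter(samples: dict) -> list:
    """Names with JPEG content that a '.jpg/.jpeg only' filter would never scan."""
    return sorted(n for n, d in samples.items()
                  if is_jpeg(d) and not n.lower().endswith((".jpg", ".jpeg")))
```

On the constructed samples, the extension-based filter never looks at `logo.bmp` or `favicon.ico`, while the content-based triage classifies both as JPEG data.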

For more, see our description.