MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
- 0
- Add a Comment
This is probably going to be the biggest Microsoft vulnerability of the year that wasn’t exploited via a virus or worm. This vulnerability covers such a wide range of Microsoft software that system administrators will be having headaches for a few days.
Information from MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
- Windows XP and Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
- Office 2003
- Office XP Service Pack 3
- Visio 2003 (All versions)
- Visio 2002 Service Pack 2 (All versions)
- Project 2003 (All versions)
- Project 2002 Service Pack 1 (All versions)
Review bulletin MS04-O28 for information about these affected operating systems and applications:
- Windows NT Workstation 4.0 Service Pack 6a
- Windows NT Server 4.0 Service Pack 6a
- Windows NT Server 4.0 Terminal Server Edition Service Pack 6
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- The Microsoft .NET Framework, version 1.0
- The Microsoft .NET Framework, version 1.1
- Internet Explorer 6 Service Pack 1
- Picture It! 2002 (All versions)
- Greetings 2002
- Picture It! version 7.0 (All versions)
- Digital Image Pro version 7.0
- Picture It! version 9 (All versions Including Picture It! Library)
- Digital Image Pro version 9
- Digital Image Suite version 9
- Producer for Microsoft Office PowerPoint (All versions)
- Visual Studio 2003 .NET
- Visual Basic .NET Standard 2003
- Visual C# .NET Standard 2003
- Visual C++ .NET Standard 2003
- Visual J# .NET Standard 2003
- Visual Studio 2002 .NET
- Visual Basic .NET Standard 2002
- Visual C# .NET Standard 2002
- Visual C++ .NET Standard 2002
- The Microsoft .NET Framework, version 1.0 SDK
- Platform SDK Redistributable: GDI+
Review the FAQ section of bulletin MS04-O28 for information about these operating systems:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)
A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, and any system that uses the affected programs or components could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Other Coverage: