Windows users to catch STD from viewing pr0n

The jpeg exploit is [link|http://www.infoworld.com/article/04/09/23/HNnewjpegexploit_1.html|in the wild now].

Couple of comments. First, this is not just Internet Explorer. Most any MS jpeg viewer is susceptible (image viewer and paint to mention a couple). MS has a tool that you can download to check for vulnerable programs. If the tool finds a vulnerability, what does it do? It takes you back to the page that you downloaded the tool from. Utter stupidity - why can't they list the programs that are vulnerable on your machine? As it is, the tool is absolutely useless.

Second, unlike Mozilla, it's near impossible to tell where the OS ends and where the viewers begin. Means that to patch the update, you have to expose the OS to a patch which may or may not cause unknown breakage.

Post #174,288 by ChrisR 9/14/04 5:39:54 PM 9/14/04 5:43:00 PM Reply	Windows users to catch STD from viewing pr0n [link\|http://www.osnews.com/story.php?news_id=8269\|Beware the JPEG]. [Whoops: meant this for the Security forum. But I guess that's mostly synonomous with this forum anyhoo] Edited by ChrisR Sept. 14, 2004, 05:43:00 PM EDT Expand All History
Post #174,319 by n3jja 9/14/04 8:49:26 PM Reply	You've got to be kidding! ROFL!!
Post #174,483 by altmann 9/15/04 3:42:59 PM Reply	Guffaw [link\|http://secunia.com/advisories/12526/\|http://secunia.com/advisories/12526/] -- Chris Altmann
Post #176,006 by ChrisR 9/23/04 6:42:12 PM Reply	Script kiddies abound. The jpeg exploit is [link\|http://www.infoworld.com/article/04/09/23/HNnewjpegexploit_1.html\|in the wild now]. Couple of comments. First, this is not just Internet Explorer. Most any MS jpeg viewer is susceptible (image viewer and paint to mention a couple). MS has a tool that you can download to check for vulnerable programs. If the tool finds a vulnerability, what does it do? It takes you back to the page that you downloaded the tool from. Utter stupidity - why can't they list the programs that are vulnerable on your machine? As it is, the tool is absolutely useless. Second, unlike Mozilla, it's near impossible to tell where the OS ends and where the viewers begin. Means that to patch the update, you have to expose the OS to a patch which may or may not cause unknown breakage.

Welcome to IWETHEY!