Printable View
OK, there are a TON of unexplored vulnerabilities in the JPEG DLL being revealed. Most of them (all of them?) require you only to view a web page in IE. I've got in front of me, a paper revealing a new DOS attack that possibly affects all versions of Windows from Windows 95/NT to Windows XP SP2. Stop using IE, folks and treat JPEGs with a bit of suspicion. Those who get Bugtraq, look at John Bissell's post dated October 14th.
Cheers,
cgkanchi
If the extent so far is DoS, (reboot the box), this is not really as much of a major issue it was touted to be, (I'm actually surprised that a remote code execution issue hasn't raised it's head yet which implies that this is much more difficult to exploit than the pundits first told us).
In a (L)user world they get to reboot the box.... ooops.... 3 minutes downtime.... In a server world if you are surfing the web on a production server then you probably should be removed instantly from the admin world and placed firmly in the (L)user world for life.... ;)
Obviously if the DoS causes a crash, it's only going to take down the app that tries to read the dodgy jpg.
But if that's your mail program, and the message breaking it is sat in the inbox, it could be nasty
Slarty
Slarty: PITA? Yes.... far from the end of the world though..... ;)