Windows' JPEG vulnerability could be exploited by using Internet Explorer, a security firm claimed Wednesday, making the threat a potentially "devastating" one. But the claim may be more hype than anything, according to some rival security firms. . . .
Windows' JPEG vulnerability could be exploited by using Internet Explorer, a security firm claimed Wednesday, making the threat a potentially "devastating" one. But the claim may be more hype than anything, according to some rival security firms.
Finjan Software, a San Jose, Calif.-based security vendor, said its Israel-based Malicious Code Research Center (MCRC) has identified a way for attackers to remotely access a vulnerable PC simply by getting a user to browse a page that contains a malformed JPEG image.

Actually, that's not a new attack avenue. When Microsoft originally published details of the JPEG vulnerability, it cited potential vectors like e-mail and the Web, and said that in the case of the latter, "an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have to persuade [users] to visit the Web site, typically by getting them to click a link that takes them to the attacker's site."

Most analysts have pegged the likeliest vector as an e-mail message with a malicious JPEG attachment, a route that does require some user interaction. Finjan's pronouncement, that it's possible for hackers to infect machines simply by getting users to browse a specially-crafted Web page, or one embedded, surreptitiously or not, with a bad-seed JPEG, is not likely to change that, said another security expert.

The link for this article located at techweb.com is no longer available.