Microsoft vydal patch na chybu, která p?i prohlížení obrázk? mohla spustit škodlivý kód
16.09.2004Microsoft has released a patch for a 'critical' buffer overflow flaw in the way its softwares handle JPEG (Joint Photographic Experts Group) images that would allow an attacker to embed malicious code in image files. The code would run as soon as the user views the infected image. The flaw affects numerous softwares, including the Windows operating system and Internet Explorer, making users vulnerable even when just viewing a website. Antivirus firm McAfee warns that a virus could exploit the flaw; though there has not yet been a proof-of-concept malware, malicious hackers tend to begin developing attacks as soon as a patch is released. Given the large potential scope of the flaw, Microsoft has also developed a tool to find and update the many applications that may be affected. The JPEg flaw is unrelated to another image flaw discovered in August 2004 in the PNG (Portable Network Graphics) format, affecting Windows, Apple's OS X, and Linux. A second patch addresses an 'important' flaw in the file converter for Microsoft Office, Publisher, Word, and Works. That flaw would allow an attacker to take control of a computer if the user opens a malicious WordPerfect document.
Zdroj: http://www.securityfocus.com/news/9508Autor: VK
