September 20, 2004 -- (WEB HOST INDUSTRY REVIEW) -- According to a report published Friday by Internet research firm Netcraft (netcraft.com), code has been published on the Internet that claims to partially exploit a weakness in the way Microsoft's software handles image files.
Level 1 PCI DSS Certified Service Provider! DataPipe delivers the best network & support; top tier data centers; New York metro, Silicon Valley, London, Hong Kong, Shanghai. DataPipe - Personal Touch, Global Reach.
The vulnerability would reportedly enable a hacker to gain control of a computer by creating a JPEG image that would compromise a range of Microsoft software, including the Office suite and most versions of Internet Explorer, which is regularly exposed to JPEG images on Web pages.
According to Netcraft, the exploit was posted to the BugTraq and Full Disclosure mailing lists Thursday. Rather than execute code, say reports, the exploit will crash computers running unpatched Windows XP versions, which can lead to the remote execution of code.
The code had reportedly been downloaded more than 32,000 times by midday Saturday. Microsoft revealed the vulnerability on Tuesday, along with a security update to fix it.
Some say fears about the flaws are overblown, but security experts warn that proof-of-concept exploits are often followed closely by more dangerous code.
