A buffer overflow vulnerability in the processing of JPEG images was reported in the GDI+ code in several Microsoft operating systems and applications. A remote user can execute arbitrary code on the target system. NetObjects Fusion is affected.
Microsoft reported that a remote user can create a specially crafted JPEG image that, when processed by an affected component, will execute arbitrary code on the target system. The code will run with the privileges of the calling application.
Windows XP, Windows XP Service Pack 1, and Windows Server 2003 are vulnerable by default, but other operating systems may be affected if certain vulnerable components have been installed, such as Microsoft .NET Framework and various third-party applications.
Affected applications include Office XP (Outlook, Word, Excel, PowerPoint, FrontPage, Publisher), Office 2003 (Outlook, Word, Excel, PowerPoint, FrontPage, Publisher, InfoPath, OneNote), Microsoft Project, Microsoft Visio, Microsoft Visual Studio .NET (Visual Basic .NET Standard, Visual C# .NET Standard, Visual C++ .NET Standard, Visual J# .NET Standard), Microsoft .NET Framework, Microsoft Picture It!, Microsoft Greetings, Microsoft Digital Image Pro, Microsoft Digital Image Suite, Microsoft Producer for Microsoft Office PowerPoint, Microsoft Platform SDK Redistributable: GDI+, and Internet Explorer 6.
Microsoft credits Nick DeBaggis with reporting this flaw.
The original advisory is available at: