It's not safe to look at pictures anymore.
Detailed Description
A proof-of-concept exploit which executes code on the victim's computer when opening a JPG file has been posted to a public website on September 17th, 2004. That exploit was only crashing Internet Explorer.
On September 24th there appeared a constructor that could produce JPG files with the MS04-028 exploit. This time the exploit executed a code that could download and run a file from Internet. However, the JPG file with the exploit has to be previewed locally for the exploit to get activated, viewing a JPG file from a remote host does not activate the exploit.
We are expecting that more exploit techniques will be created by hacker groups. And there is a chance that someone will create a universal exploit that would work when viewing an image locally and on a remote host.
It is advised to install security updates released by Microsoft to be protected from the JPEG vulnerability exploit. These updates can be downloaded from here:
http://www.microsoft.com/security/bu...0409_jpeg.mspx
http://www.f-secure.com/v-descs/ms04-028.shtml
Threaded Mode
