[Ham-Computers] Recent changes to QTH list messages?
Hsu, Aaron (NBC Universal)
aaron.hsu at nbcuni.com
Thu Feb 19 18:59:37 EST 2009
As I mentioned in my previous post, unpatched Windows systems are vulnerable to JPEG attacks as the Windows JPEG decoder has a flaw that allows code to run if the decoder faults (buffer overflow). So, yes, it *is* possible to infect a Windows system just by *viewing* a JPG. Prime victims are those who use Internet Explorer, Outlook (and OLK Express), or any apps that use the Windows JPG decoder (most Microsoft apps). Just visiting a website with a compromised JPG or viewing an HTML e-mail with a compromised "in-line" JPG can infect your system - don't need to click or open anything - just "view" the JPG.
The patch for Windows has been out for a few years, but there are those whose systems aren't patched for one reason or another. More info can be found here (includes links to the MS KB article and patches):
http://www.us-cert.gov/cas/techalerts/TA04-260A.html
And, let this *NOT* start a Windows vs Linux discussion - doesn't help those who are unable to run an alternative OS.
73,
- Aaron, NN6O
-----Original Message-----
Sent: Thursday, February 19, 2009 7:02 AM
Subject: Re: [Ham-Computers] Recent changes to QTH list messages?
What kind of operating system executes a picture file format?
A virus must be "run" to do anything. To me, putting a virus in a picture file is a "do-nothing," as far as I know.(know little about viruses) (carrying parameters for a virus is not sneaking a virus into your system).
More information about the Ham-Computers
mailing list