Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Digital Photography (http://www.velocityreviews.com/forums/f37-digital-photography.html)
-   -   Microsoft JPEG Hoax! (http://www.velocityreviews.com/forums/t405520-microsoft-jpeg-hoax.html)

Guido Vollbeding 09-21-2004 02:16 PM

Microsoft JPEG Hoax!
 
Hi

Microsoft has recently started a campaign to update their software
for an error in JPEG processing:
Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+)
Could Allow Code Execution (833987):
http://www.microsoft.com/technet/sec.../MS04-028.mspx

They claim that after the update their software is secure.
However, this is WRONG!
The reason is that they don't fix another fatal JPEG processing
error in their software which is known for years and which can
be reproduced by trying to open the following image file with
Microsoft Explorer or other software:

http://sylvana.net/test/AP4.jpg

Opening this image file with faulty JPEG software can crash the
application or even the system!
The error was solved in 1998 with release 6b of the Independent
JPEG Group software, but there are still many applications in
use, like Microsoft's Internet Explorer, which haven't been
updated and thus crash with this error.
Software based on IJG's v6b JPEG software library, which
is available since 1998, is not affected by this problem.

Regards
Guido

Bart van der Wolf 09-21-2004 09:35 PM

Re: Microsoft JPEG Hoax!
 

"Guido Vollbeding" <guido@jpegclub.org> wrote in message
news:415037C3.30F9F88A@jpegclub.org...
SNIP
>http://sylvana.net/test/AP4.jpg
>
> Opening this image file with faulty JPEG software can crash the
> application or even the system!


It doesn't crash my Windows Internet Explorer (after the patch on XP
Pro).

Bart


Guido Vollbeding 09-21-2004 10:15 PM

Re: Microsoft JPEG Hoax!
 
Bart van der Wolf wrote:
>
> >http://sylvana.net/test/AP4.jpg
> >
> > Opening this image file with faulty JPEG software can crash the
> > application or even the system!

>
> It doesn't crash my Windows Internet Explorer (after the patch on XP
> Pro).


Bart,
may I say that it doesn't surprise me to see such response from
someone like you ?;-)

Regards
Guido

Don F 09-21-2004 10:57 PM

Re: Microsoft JPEG Hoax!
 
"Guido Vollbeding" <guido@jpegclub.org> wrote in message news:415037C3.30F9F88A@jpegclub.org...
> Hi
> Microsoft has recently started a campaign to update their software
> for an error in JPEG processing:
> Microsoft Security Bulletin MS04-028
> Buffer Overrun in JPEG Processing (GDI+)
> Could Allow Code Execution (833987):
> http://www.microsoft.com/technet/sec.../MS04-028.mspx
>
> They claim that after the update their software is secure.
> However, this is WRONG!
> The reason is that they don't fix another fatal JPEG processing
> error in their software which is known for years and which can
> be reproduced by trying to open the following image file with
> Microsoft Explorer or other software:
>
> http://sylvana.net/test/AP4.jpg
>
> Opening this image file with faulty JPEG software can crash the
> application or even the system!
> The error was solved in 1998 with release 6b of the Independent
> JPEG Group software, but there are still many applications in
> use, like Microsoft's Internet Explorer, which haven't been
> updated and thus crash with this error.
> Software based on IJG's v6b JPEG software library, which
> is available since 1998, is not affected by this problem.
>
> Regards
> Guido

--------
I just tried opening the test jpg and received the following message:
"Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience."

Only the message ... no shutdown ... no crash. I also use Win Pro. Could the problem be OS dependent?

Don F




Bart van der Wolf 09-21-2004 11:40 PM

Re: Microsoft JPEG Hoax!
 

"Guido Vollbeding" <guido@jpegclub.org> wrote in message
news:4150A7F7.A7FDC2C1@jpegclub.org...
> Bart van der Wolf wrote:
> >
> > >http://sylvana.net/test/AP4.jpg
> > >
> > > Opening this image file with faulty JPEG software can crash the
> > > application or even the system!

> >
> > It doesn't crash my Windows Internet Explorer (after the patch on

XP
> > Pro).

>
> Bart,
> may I say that it doesn't surprise me to see such response from
> someone like you ?;-)


Of course you may, but it doesn't change the fact that the patch
solved what you said would happen despite the patch.

Bart


Guido Vollbeding 09-21-2004 11:42 PM

Re: Microsoft JPEG Hoax!
 
Hi Don

> I just tried opening the test jpg and received the following
> message:
>
> "Internet Explorer has encountered a problem and needs to close. We
> are sorry for the inconvenience."
>
> Only the message ... no shutdown ... no crash. I also use Win
> Pro. Could the problem be OS dependent?


Yes, of course.
But closing a program is indeed an inconvenience, isn't it?

I just want to sharpen your attention, and don't fall for hoaxes.
Do NOT believe that such "inconvenience" will be solved with
Microsoft's current update, as they make believe.

Regards
Guido

Bob 09-22-2004 12:49 AM

Re: Microsoft JPEG Hoax!
 
On Tue, 21 Sep 2004 16:16:35 +0200, Guido Vollbeding <guido@jpegclub.org> wrote:

>Hi
>
>Microsoft has recently started a campaign to update their software
>for an error in JPEG processing:
> Microsoft Security Bulletin MS04-028
> Buffer Overrun in JPEG Processing (GDI+)
> Could Allow Code Execution (833987):
> http://www.microsoft.com/technet/sec.../MS04-028.mspx
>
>They claim that after the update their software is secure.
>However, this is WRONG!
>The reason is that they don't fix another fatal JPEG processing
>error in their software which is known for years and which can
>be reproduced by trying to open the following image file with
>Microsoft Explorer or other software:
>
> http://sylvana.net/test/AP4.jpg
>
>Opening this image file with faulty JPEG software can crash the
>application or even the system!
>The error was solved in 1998 with release 6b of the Independent
>JPEG Group software, but there are still many applications in
>use, like Microsoft's Internet Explorer, which haven't been
>updated and thus crash with this error.
>Software based on IJG's v6b JPEG software library, which
>is available since 1998, is not affected by this problem.
>
>Regards
>Guido


Thanks for the info..

BTW do you know why windows can't show some jpegs in the 'thumbnail view' in
windows explorer??


Frank ess 09-22-2004 12:50 AM

Re: Microsoft JPEG Hoax!
 
Don F wrote:

<snip>

> --------
> I just tried opening the test jpg and received the following
> message:
> "Internet Explorer has encountered a problem and needs to close. We
> are sorry for the inconvenience."
>
> Only the message ... no shutdown ... no crash. I also use Win
> Pro. Could the problem be OS dependent?
>


When MSIE6 saw the test image it gave that message and asked for
information, please. Once the information had been transmitted, MSIE
closed.

When Opera6 saw it, it opened and displayed with no comment or problem.

Both in WinXP Home with all patches up to but not including the Massive
Patch 2.

--
Frank ess



dj_nme 09-22-2004 01:32 AM

Re: Microsoft JPEG Hoax!
 
Frank ess wrote:
> Don F wrote:
>
> <snip>
>
>>--------
>> I just tried opening the test jpg and received the following
>>message:
>>"Internet Explorer has encountered a problem and needs to close. We
>>are sorry for the inconvenience."
>>
>> Only the message ... no shutdown ... no crash. I also use Win
>>Pro. Could the problem be OS dependent?
>>

>
>
> When MSIE6 saw the test image it gave that message and asked for
> information, please. Once the information had been transmitted, MSIE
> closed.
>
> When Opera6 saw it, it opened and displayed with no comment or problem.
>
> Both in WinXP Home with all patches up to but not including the Massive
> Patch 2.
>
> --
> Frank ess


It seems to be totaly browser dependant.
I have IE 4.0 and Mozilla 1.7a on Win98SE.
IE shows an error (with the option of "close" or "details").
Mozilla just shows the pic of the smiling woman with no problems.

Jeff M. 09-22-2004 03:34 AM

Re: Microsoft JPEG Hoax!
 
no wonder IE crashes, that bitch is ****in ugly!!


All times are GMT. The time now is 08:07 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.