Reported September 14, 2004, by Microsoft
A buffer-overrun vulnerability in the processing of JPEG image formats could allow remote code execution on a vulnerable system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, as could any system that uses the affected programs or components. A potential attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft has released security bulletin MS04-028, "Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.
Discovered by Nick DeBaggis.