hi'

here is the translated text of an alert I received recently.

Two critical vulnerabilities were discovered in

Windows XP, on 2000, NT and on 2003. These faults can

allow a hostile individual to take the control at

distance of the computer of his(her) victim either in

a virus to comply automatically without knowing the

user during the posting of a booby-trapped image

(.BMP.CUR.ICO or .ANI), for example contained a web

page or in a message in the HTML format, or in the

opening of a file of booby-trapped assistant (.HLP ).

Windows XP SP2 is not affected by the first

vulnerability.

SOFTWARE () CONCERNS (S):

Windows XP SP2 Microsoft (.HLP vulnerability only)

Windows XP SP1 Microsoft

Windows XP Microsoft

Windows 2000 Microsoft

Windows 2003 Microsoft

Windows NT 4.0 Microsoft

CORRECTIVE:

The discoverer of the faults having chosen not to

cooperate with the publisher with the aim of

minimizing the impact of the discovery (even more

clearly to reveal them in the most unfavourable

possible conditions), for the moment there is no

corrective. The users of Windows XP who would not

already have made it have to install quickly the

service Pack 2 . Besides the attentiveness towards the

links and not sure files, the configuration of the

Email software so as to show HTML messages in the

format text and without downloading of the distant

images, the concerned users can also try to update

their antivirus (certain editors) integrated the

detection of the code allowing the exploitation of

images trapped in their updates, such as Symantec with

the signature Bloodhound. Exploit 19

translated with prompt5.

the recommendations given doesn't reflect my personal opinion, it's a news only

francois

francois - Thank you for the update.

This appears to be a follow-on to the earlier discovery of "buffer-overflow" virus's being hidden within jpeg images. The poisoned picture could then be displayed on a website, sent in e-mail, or circulated on a P2P network.

More about "Buffer-Overflow" here:

cheers