Note: This page is part of the archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact if you have any questions about the US-CERT website archive.

Alert (SA04-258A)

Vulnerability in Microsoft Image Processing Component

Systems Affected

  • Applications that process JPEG images on Microsoft Windows, including but not limited to
    • Internet Explorer
    • Microsoft Office
    • Microsoft Visual Studio
    • Picture It!
    • Applications from other vendors besides Microsoft


An attacker may be able to gain control of your computer by taking advantage of the way some programs process the JPEG image format.


Apply a patch

Microsoft has issued updates to address the problem. Obtain the appropriate update from Windows Update and from Office Update.

Note: You may need to install multiple patches depending what software you have on your computer.

Use caution with email attachments

Never open unexpected email attachments. Before opening an attachment, save it to a disk and scan it with anti-virus software. Make sure to turn off the option to automatically download attachments.

View email messages in plain text

Email programs like Outlook and Outlook Express interpret HTML code the same way that Internet Explorer does. Attackers may be able to take advantage of that by sending malicious HTML-formatted email messages.

Maintain updated anti-virus software

It is important that you use anti-virus software and keep it up to date. Most anti-virus software vendors frequently release updated information, tools, or virus databases to help detect and recover from virus infections. Many anti-virus packages support automatic updates of virus definitions. US-CERT recommends using these automatic updates when possible.


Microsoft Windows Graphics Device Interface (GDI+) is used to display information on screens and printers, including JPEG image files. An attacker could execute arbitrary code on a vulnerable system if the user opens a malicious JPEG file via applications such as a web browser, email program, internet chat program, or via email attachment. Any application that uses GDI+ to process JPEG image files is vulnerable to this type of attack. This vulnerability also affects products from companies other than Microsoft.


Author: Mindi McDowell. .

Copyright 2004 Carnegie Mellon University. Terms of use

Revision History

  • September 14, 2004: Initial release

Last updated

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No