Microsoft KB Archive/833987

= MS04-028: Buffer overrun in JPEG processing (GDI+) could allow code execution =

Article ID: 833987

Article Last Modified on 9/27/2007

-

APPLIES TO


 * Customer Service and Support Information

-





Technical updates
 October 12, 2004: We have released updated versions of the 832332 (Office XP), 831932 (Visio 2002), and 831931 (Project 2002) security updates. For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

885876 Important information that you must know about the MS04-028 security updates if you are using Windows XP Service Pack 2

885884 Critical Update for Office XP on Windows XP Service Pack 2

 October 12, 2004: We have released tools to provide a scanning and deployment solution for the updates released with MS04-028. For additional information about these tools, click the following article numbers to view the articles in the Microsoft Knowledge Base:

886988 How to obtain and use the MS04-028 Enterprise Update Scanning Tool

885920 How to detect clients that require Critical Security Update MS04-028 in Systems Management Server 2003





SUMMARY
Microsoft has released security bulletin MS04-028. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:  Home users:

http://www.microsoft.com/protect/computer/updates/bulletins/200409_jpeg_tool.mspx

 IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx



This security patch was first included in Office 2003 Service Pack 2. Office 2003 Service Pack 1 is not affected by this issue. For more information about the latest service pack for Office 2003, click the following article number to view the article in the Microsoft Knowledge Base:

870924How to obtain the latest service pack for Office 2003

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted remote code execution jpeg images graphics pictures gdiplus.dll

Keywords: kbhotfixserver kbqfe kbnetframe110sp1fix kbnetframe110presp1fix kbnetframe100presp3fix kbwinxpsp2fix atdownload kbwinxppresp2fix kbwinserv2003presp1fix kbfix kbbug kbsecurity kbsecbulletin KB833987

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.