Security groups had predicted that working malware exploiting the MS04-028 flaw was inevitable after proof of concept code was published on mailing lists last week. The speed with which the exploit code has been improved is raising concern that a more ambitious exploit is near. “Unfortunately, I have a nasty feeling we’ll see a new massmailer worm using JPG image as the attachment,” wrote Mikko Hypponen of F-Secure.
The flaw is worrisome because it affects a wide range of Microsoft software, including the Microsoft Office suite and most versions of the Internet Explorer browser, which regularly handles JPEG images housed on web sites. The JPEG standard (short for Joint Photographic Experts Group) is one of the primary graphic formats in use on the Web and office applications.
“We suspect that a working exploit is very close to widespread availability,” the Internet Storm Center noted in its analysis. “If your software redistributes Microsoft DLL’s that are vulnerable to the MS04-028 flaw, your software may be vulnerable to attack as well. “