A new toolkit designed to create malformed and potentially dangerous JPEGs has been released to the public.
MS04-028 -- JPEG Exploit Toolkit released to public
http://isc.sans.org//diary.php?date=2004-09-25
A toolkit designed to exploit a recently-disclosed Microsoft JPEG vulnerability has been released. The security hole compromises the system and creates a buffer overflow condition. This could potentially allow an attacker to create a JPEG file. The JPEG file would then over take control of a victim's machine when the user views it through Internet Explorer, Outlook, Word, and other programs.
http://www.theregister.co.uk/2004/09/24/jpeg_exploit_toolkit/
For a complete list of Operating Systems and Application Programs potentially affected by this see Microsofts information at:
http://www.microsoft.com/security/bulletins/200409_jpeg.mspx
A group of Handler's have been "playing" with the toolkit. So far it hasn't worked too well. However, as with all of these, they have a tendancy to get better real fast. Therefore apply the patches on both the Operating Systems and Application Programs as recommended by Microsoft.
JPEG Hacktool
The 3 major anti-virus companies have now released definition files that will detect the JPEG exploits.
Symantec - Hacktool.JPEGDownload http://securityresponse.symantec.com/avcenter/venc/data/hacktool.jpegdownload.html
McAfee - Exploit-MS04-028 http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=128461
Trend Micro - HKTL_JPGDOWN.A http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HKTL_JPGDOWN.A