Microsoft recommends that customers apply the update immediately.
This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section. If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Affected Software:
? Microsoft Windows XP and Microsoft Windows XP Service Pack 1
? Microsoft Windows XP 64-Bit Edition Service Pack 1
? Microsoft Windows XP 64-Bit Edition Version 2003
? Microsoft Windows Server? 2003
? Microsoft Windows Server 2003 64-Bit Edition
? Microsoft Office XP Service Pack 3
Microsoft Office XP Service Pack 3 Software:
? Outlook® 2002
? Word 2002
? Excel 2002
? PowerPoint® 2002
? FrontPage® 2002
? Publisher 2002
? Microsoft Office 2003
Microsoft Office 2003 Software:
? Outlook® 2003
? Word 2003
? Excel 2003
? PowerPoint® 2003
? FrontPage® 2003
? Publisher 2003
? InfoPath? 2003
? OneNote? 2003
? Microsoft Project 2002 Service Pack 1 (all versions)
? Microsoft Project 2003 (all versions)
? Microsoft Visio 2002 Service Pack 2 (all versions)
? Microsoft Visio 2003 (all versions)
? Microsoft Visual Studio .NET 2002
Microsoft Visual Studio .NET 2002 Software:
? Visual Basic .NET Standard 2002
? Visual C# .NET Standard 2002
? Visual C++ .NET Standard 2002
? Microsoft Visual Studio .NET 2003
Microsoft Visual Studio .NET 2003 Software:
? Visual Basic .NET Standard 2003
? Visual C# .NET Standard 2003
? Visual C++ .NET Standard 2003
? Visual J# .NET Standard 2003
? The Microsoft .NET Framework version 1.0 SDK Service Pack 2
? Microsoft Picture It!® 2002 (all versions)
? Microsoft Greetings 2002
? Microsoft Picture It! version 7.0 (all versions)
? Microsoft Digital Image Pro version 7.0
? Microsoft Picture It! version 9 (all versions, including Picture It! Library)
? Microsoft Digital Image Pro version 9
? Microsoft Digital Image Suite version 9
? Microsoft Producer for Microsoft Office PowerPoint (all versions)
? Microsoft Platform SDK Redistributable: GDI+
This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section. If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Affected Software:
? Microsoft Windows XP and Microsoft Windows XP Service Pack 1
? Microsoft Windows XP 64-Bit Edition Service Pack 1
? Microsoft Windows XP 64-Bit Edition Version 2003
? Microsoft Windows Server? 2003
? Microsoft Windows Server 2003 64-Bit Edition
? Microsoft Office XP Service Pack 3
Microsoft Office XP Service Pack 3 Software:
? Outlook® 2002
? Word 2002
? Excel 2002
? PowerPoint® 2002
? FrontPage® 2002
? Publisher 2002
? Microsoft Office 2003
Microsoft Office 2003 Software:
? Outlook® 2003
? Word 2003
? Excel 2003
? PowerPoint® 2003
? FrontPage® 2003
? Publisher 2003
? InfoPath? 2003
? OneNote? 2003
? Microsoft Project 2002 Service Pack 1 (all versions)
? Microsoft Project 2003 (all versions)
? Microsoft Visio 2002 Service Pack 2 (all versions)
? Microsoft Visio 2003 (all versions)
? Microsoft Visual Studio .NET 2002
Microsoft Visual Studio .NET 2002 Software:
? Visual Basic .NET Standard 2002
? Visual C# .NET Standard 2002
? Visual C++ .NET Standard 2002
? Microsoft Visual Studio .NET 2003
Microsoft Visual Studio .NET 2003 Software:
? Visual Basic .NET Standard 2003
? Visual C# .NET Standard 2003
? Visual C++ .NET Standard 2003
? Visual J# .NET Standard 2003
? The Microsoft .NET Framework version 1.0 SDK Service Pack 2
? Microsoft Picture It!® 2002 (all versions)
? Microsoft Greetings 2002
? Microsoft Picture It! version 7.0 (all versions)
? Microsoft Digital Image Pro version 7.0
? Microsoft Picture It! version 9 (all versions, including Picture It! Library)
? Microsoft Digital Image Pro version 9
? Microsoft Digital Image Suite version 9
? Microsoft Producer for Microsoft Office PowerPoint (all versions)
? Microsoft Platform SDK Redistributable: GDI+