Please be aware that this Microsoft bulletin includes separate patches for operating systems and applications (e.g., MS Office XP and MS Office 2003). You are strongly advised to apply all relevant patches to address this vulnerability and ensure that your anti-virus updates remain current. Windows XP, Service Pack 2, does NOT contain this vulnerability; however, application patches will be needed if you use vulnerable Microsoft Office applications.
The image processing system of Microsoft Windows 2003, XP/Service Pack 1, and some Microsoft and third-party applications have been recently found to contain a buffer overflow vulnerability. Exploits have been identified that permit an external party to take advantage of this vulnerability and gain control over a Windows computer. This buffer overflow vulnerability could be used by a malicious image (e.g., JPEG file) on a Web page or within an email attachment. Microsoft has released patches for Windows 2003, XP/SP1, and selected Microsoft applications (see MS04-028, http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx).