December 28, 2005
Though it was once believed that image files could not harbor malicious code, the past few years have taught otherwise. The following list, in reverse chronological order, details some of the best-known exploits.
In December 2005, the WMF Image Handling Exploit was discovered and immediately became an in-the-wild threat. The initial instances involved websites that used the exploit to foist large amounts of adware and spyware onto unsuspecting visitors' systems. Unlike previously discovered image exploits, the WMF Image Handling Exploit has particularly severe and far-reaching potential consequences.
In November 2005, Microsoft issued a security bulletin (MS05-053) concerning a flaw in the handling of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats which, similar to today's reported exploit, could allow remote attackers to gain access to a system.
In September 2004, Microsoft released details and patches for a vulnerability involving a critical flaw in the handling of JPG image files. The vulnerability impacted nearly everyone using Microsoft software and was exploitable via a malicious website or email.
In February 2004, a leak in the Windows 2000 Service Pack 1 source code led to the release of an integer overflow exploit involving BMP files. In May 2004, the first Trojan (the BMPAgent Trojan) exploiting the flaw was discovered.
In June 2002, the proof-of-concept Perrun virus attempted to prove that JPG files could be infected. However, Perrun required a helper application (an executable). Hence, Perrun posed no threat to users and was not considered a true proof-of-concept.
In July 2000, a JPEG COM Marker Processing Vulnerability was reported in Netscape and Mozilla browsers, impacting Netscape versions prior to Netscape 4.74 and Mozilla M16.