john_k - 6:12 pm on Sep 17, 2004 (gmt 0)
stand corrected. It is all microsoft apps. Hmm, I wonder what these apps do to execute data?
They all use GDI functions to do the JPG manipulation. The vulnerability is in the GDI. The list of apps that Microsoft gives out only includes their own. Their security bulletin states that you should check with vendors of any other software you have installed to see if they are vulnerable to this. The ones that utilize API calls into the GDI for JPG files (that is GDI JPG API calls!) will be vulnerable. Ones that do their own JPG manipulation won't be.