Deadly TIFF flaw snaps Windows

A hacker has released attack code that could be used to exploit a critical bug in some versions of Windows.

Microsoft patched the flaw, which affects older versions of Windows, on October 9. When the Image Viewer tries to open a maliciously encoded TIFF file, it can be tricked into running unauthorised software on the PC.

A sample of the exploit was posted Monday to the Milw0rm website. The code has not yet been used in online attacks, according to Symantec, which issued an alert Monday.

Symantec recommends that Windows users install the MS07-055 update as quickly as possible.

Microsoft took the unusual step of issuing its own security update for Kodak's software, because the image viewer (formerly known as the Wang Image Viewer) had shipped in Windows 2000 systems by default.

Still, many Windows users are not affected by the problem. Windows XP and Windows Server 2003 users should not have the software installed on their PCs, unless they downloaded it directly or upgraded from Windows 2000. Windows Vista users are not affected by the bug.

Also, users would have to open the TIFF file using the Kodak Image Viewer for the attack to work. Because most PCs are set to automatically open TIFFs using some other piece of software, it is unlikely that an attack would succeed.

"Its not a huge deal, though, we don't think," said Marc Maiffret, chief technology officer with eEye Digital Security, via instant message. "You probably have some other program that defaults to open TIFF's like QuickTime or Photoshop."

The sample attack code affects the Korean language version of Windows, but it could be easily modified to affect other versions of the software, Maiffret said.