MS04-028 is not categorized as virus, worm, Trojan or backdoor. It is a Microsoft security bulletin that addresses the critical vulnerability known as Buffer Overrun in JPEG processing, which allows to remotely execute arbitrary code in the vulnerable computer.
This vulnerability affects several Microsoft products including, but not limited to:
Operating systems: Windows 2003/XP.
Internet Explorer v6.0 (with Service Pack 1).
Office 2003 and Oficce XP.
Visual Studio .NET 2003 and 2002.
Project 2003 and 2002.
Visio 2003 and 2002.
Picture It! 2002, and versions 9.0 and 7.0.
For further information on the vulnerable programs, please refer to the Microsoft security bulletin.
If exploited successfully, MS04-028 allows hackers to gain remote control of the affected computer with the same privileges as the logged-on user. If this user had administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.
Provided that any program that processes JPEG images could be vulnerable to this attack, there are many possible attack vectors in order to exploit MS04-028. All of them are based in creating a malicious JPEG file, distributing it (through web pages, e-mail messages, images embedded in documents, etc.) and enticing users into opening it.
If you have a Windows 2003/XP computer or any of the vulnerable programs installed in your computer, it is recommendable to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.