Hey all, long time user first time poster 
I saw on a post in another forum that avast! was susceptible to the JPeg vulnerability, just as office is. Can anyone confirm this? The only way I can think of being infected via avast using the same way to process Jpegs and then through a skin.
Any info?
Many thanks,
Matt
Hi, welcome to the forums.
I would have thought that getting the info from the horses mouth would be better (avast forums). Which forum and I hope you will put them straight, also ensuring that this vulnerability is patched is IMO the best course of action.
This has been discussed very recently and no avast isnât vulnerable a search of these forums on âjpeg exploitâ without the quotes returns several hits, this is just one of them.
http://forum.avast.com/index.php?board=2;action=display;threadid=7573;
deceptionuk:
Welcome to the Forums.
I guess you didnât read or understand the whole Thread.
The current version of Avast contains protection against that exploit.
Avast v 4.1.418 VPS 0440-2 ;D
Just a suggestion: kill the âdeceptionâ user and start another, with âhappyuserâ 
I canât believe you use avast so long and have any deception with it 
Hehe thanks for the responses folks
Iâll put the other forum straight, itâs sad that itâs one of the most popular security forums aswell⌠some people are ignorant and this particular poster I donât especially care for so I thought Iâd ask here Many thanks!
P.S. Deception is my nickname, sorta
The statement seems to be completely wrong to me - it implies that avast! somehow displays JPEG files (with the buggy code). However, as far as I know, avast! doesnât use the troublesome GDI+ library at all (itâs an antivirus, not an image viewer, right? ;D). And even if it did, it would only display its own JPEG file (and I donât think it actually has any) - not the user-supplied ones - so there wouldnât be any chance of misuse.
deceptionuk
It might be nice if you posted the information igor just gave us on the other forum to correct their erronious post.
The jpeg exploit is only harmfull when you view a picture in jpg (jpeg) format with certain viewers (normally only MS ones) other viewers like PSP (Paint Shop Pro), ACDSee, PhotoShop (pro) can and will display the image without the risk of infection. They just show the picture itself and do not executed any code.
In fact the tecnic to implement other info into a picture was used many years ago to communicate between a blackmailer and the Dutch police. So basicly what we are talking about is really old news. Luckely, not much people are using this technic for bad purposes. (up to now that is)
Well, there are certainly many ways of storing hidden information into an image; you are right, however, that the problematic piece of GDI+ library code is a âcomment blockâ.
Btw, exactly the same problem as the current GDI+ exploit was discovered in 2000 in Netscape browsers (see here for technical info). It didnât get much attention, however - the number of Netscape users probably wasnât as interesting target for virus writers as the number of IE users today.
Igor:
Does that mean that Firefox might also be susceptible to this code? Or, is it a totally different product compared to Netscape?
Out of curiousity I installed Netscape 7.2 yesterday (figured I would uninstall it later). I found that it STILL does the illegal error thing it always used to do. They did get around to adding some nice features to both it and its mail program. BUT⌠Ive uninstalled it totally and gone back to Firefox.
I really donât know what programs may the problem have propagated to.
According to the webpage I linked, the problem should have been fixed in Netscape 4.74 and Mozilla M16. However, when I tried in Netscape 4.80 in Windows 98, I got a nice bluescreenâŚ