Well pictures dont execute code... but look at some of the viruses that have made it big in the last 3 years......For instance some emails have managed to run attachments without even being property opened...thanks to the preview pane on outlook Express for instance.......
If they managed to run an executable on your system in such a way then your in trouble...anything could have been done to your system....often they can then take advantage of the run key in the reg to restart a trojan each time the computer boots (assuming windows in this instance)