The following news article discusses a vulnerability in M$ software where the simple act of viewing a jpeg on the internet can be used as a mechanism to run malicious code on a client machine.
I'm not sure I understand this. The only way this makes sense to me is that M$ software is secretly using jpegs to store executable code.
This can't possibly be correct as such an implementation is insane. Even M$ can't be this inept/underhand. Can they? Or have I misunderstood things completely?