The following news article discusses a vulnerability in M$ software where the simple act of viewing a jpeg on the internet can be used as a mechanism to run malicious code on a client machine.
http://news.bbc.co.uk/1/hi/technology/3684552.stm
I'm not sure I understand this. The only way this makes sense to me is that M$ software is secretly using jpegs to store executable code.
This can't possibly be correct as such an implementation is insane. Even M$ can't be this inept/underhand. Can they? Or have I misunderstood things completely?
Any thoughts?
