ZDNet's Zero Day security blog reported Friday that the lowly 256-color GIF picture file format can be used to deliver "drive-by" attacks.
According to Zero Day, Schouwenberg warned Microsoft a long time ago about this vulnerability, Microsoft disagreed, and the vulnerability was never patched. He has contacted Microsoft again.
This vulnerability is reminiscent of the recent "carpet bomb" vulnerability in Apple's Safari browser, which was actually a combination of poor design choices by both Apple and Microsoft. Fortunately, it didn't take long for Apple to issue a revised version of Safari to stop the threat.
Let's hope Microsoft can take a hint - especially since Zero Day's report on the GIF threat indicates it's an in-the-wild problem that's already compromised at least one legitimate website.
Skull and crossbones courtesy of Webweaver.nu