Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

A new breach is revealed in Microsoft Windows: BMP format is no longer safe

17th February 2004 - Kaspersky Labs, a leading information security software developer warns users about a new vulnerability in Internet Explorer (5.0, 5.5 and 6.0) and Outlook Express 5.0. The new vulnerability allows cyber-criminals launch malicious programs on breached computers using files in BMP format.

The vulnerability was discovered by an unknown individual nicknamed ‘GTA’ and published on several security web sites. The author provided an example of a possible attack and went on to comment that the proposed scenario was based on a detailed analysis of the Windows source code (for details see

“This report confirms our worst fears; the computer underground is pouncing on the Windows source code in search of new attack methods. The speed at which the first discovery appeared forces us to seriously re-evaluate the immediate future of the Internet”, comments Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs, “From now on, we can expect similar surprise any minute.”

The lack of patches for Internet Explorer and Outlook Express make this new vulnerability particularly dangerous. Only users who have Windows XP with Service Pack 1 can relax for now: tests have demonstrated that this configuration is immune.

At the same time, the new vulnerability poses a serious threat to all Internet users. It turns out that virus-writers can create BMP files, which load malicious programs onto victim machines while users are looking at images. In fact, infection can occur both while reading e-mail in Outlook and while surfing the web. “At this point in time, we have not detected any viruses that use this exotic new method to attack computers. However, the chances of one appearing in the near future are very real indeed”, added Eugene Kaspersky.

Kaspersky Labs has already released a special anti-virus database update protecting against malicious programs utilizing this vulnerability. The contents of BMP files are scanned and potentially dangerous objects are detected when they attempts to breach computers via either the Internet or emails. The protection is included in the latest Kaspersky® Anti-Virus update.

Media Contacts

Sarah Buttery

Kaspersky Lab UK

+44 870 011 3461

Sara Claridge

Marylebone Media Relations

+44 1344 876558

This press release was distributed by ResponseSource Press Release Wire on behalf of Marylebone Media Relations in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit