MS05-036
Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution
mov_fencepost.jpg - on most platforms, causes a crash due to mov
destination fencepost error after going past allocated memory, or
after accessing a bogus address such as 0x27272727. The destination
address appears to be controllable (i.e. changing the file or
displaying other data before or along with this image alters it).
My bets are that this is exploitable for remote execution.
cmp_fencepost.jpg - here, causes a crash due to a very similar cmp
fencepost (no write). Not necessarily exploitable for remote code
execution, unless code execution path can be affected later on.
oom_dos.jpg - usually causes a OOM crash. Less interesting, unless
you like to punish people who borrow your pictures for their blogs.
random.jpg - causes mov fencepost of CPU consumption + crash. Didn't investigate in much detail.