My ISP has warned customers (in the demon.announce newsgroup) that live malicious JPEGs have been spotted, and that the exploit, while it doesn't work on other software, can potentially crash any JPEG viewer, even without a trace of Microsoft code.