Norton AV Worm Detected ?


Mike6158
26th of April 2006 (Wed), 06:01
I get this warning every now and then:

Details: Attempted Intrusion "ICC Profile TagData Overflow" against your machine was detected and blocked.

Intruder:
<I removed the website name and IP address>
Risk Level: High.
Protocol: TCP.
Attacked IP: 0.0.0.0.
Attacked Port: 2204.
Click the address to trace the attacker.

It occurs when I click on a post that has an image in it. Not every post and not every image. Just selective posts. In one case I tried to follow the poster's link to his website and I got the same warning. His image is hosted on his site. Norton AV (updated subscription) calls it a Worm. Anyone have an idea whether this is real or not? I thought that it might be a tracking cookie issue or something like that but that's not what is in the log.

JCR
26th of April 2006 (Wed), 09:09
http://www.symantec.com/avcenter/attack_sigs/s21196.html

Mike6158
26th of April 2006 (Wed), 09:14
Yeah... I saw that. The problem that I am having occurs on this forum and only on selective users' images or website address.

I'm using XP Pro SP2...

Thanks...

JCR
26th of April 2006 (Wed), 09:16
How many users?

tommykjensen
26th of April 2006 (Wed), 09:17
I suggest you PM the member in question and ask about it. The member may not be aware if he or she has an infected PC.

Mike6158
26th of April 2006 (Wed), 09:18
I think two. One for sure. The first time I got the warning was a few weeks ago and I didn't pay much attention to it. It might have been the same user.

Mike6158
26th of April 2006 (Wed), 09:20
I suggest you PM the member in question and ask about it. The member may not be aware if he or she has an infected PC.

Yeah... I thought of that. Except the images are his and he hosts them on his site (I think he is the right word). I also thought that it was insignificant. I run a lot of "protection" on my network. Sometimes it blocks things that I don't want to be blocked.

JCR
26th of April 2006 (Wed), 09:26
This is not a propagatory issue, it's an exploit. Whether it is or is not intentional is another matter.
Maybe pass the info to a moderator here and let them handle the issue?

tommykjensen
26th of April 2006 (Wed), 09:26
Yeah, but if his images are infected with a virus or worm then that is serious and could harm other members here, so he needs to be notified about a potential issue.

JCR
26th of April 2006 (Wed), 09:32
The behavior of the exploit mimics the definition of a worm. It's very unlikely that these files were 'infected'. It's an exploit, not a virus.

Mike6158
26th of April 2006 (Wed), 09:33
OK... as JCR said: it's not a propagatory issue, it's an exploit. But an exploit isn't good...

If I was positive that there was a problem I would have done something about it the first time that it happened. I know that NAV and Zone Alarm sometimes flag innocent sites (never seen NAV flag an "innocent" file though). I have problems with About.com because of their cookies for instance. I'll deal with it...

JCR
26th of April 2006 (Wed), 09:35
I should add this does not mean the originator is responsible, they could have been edited and replaced on the server by a 3rd party.

Mike6158
26th of April 2006 (Wed), 09:39
I just did a username search and of the 8 links that I looked at (there were a lot more) none of the images that he posted came back. All were blocked. But, check this out, when someone edits his image and hosts it on their image storage site I can see the edited image. Wouldn't that mean that the "problem" is likely to be on the storage site and not embedded in the image itself?

JCR
26th of April 2006 (Wed), 09:43
Not if the profile has been overwritten after editing...
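
Added example, not part of the thread and not Symantec's detection logic: one way to check the point raised in the exchange above, namely whether a given copy of a JPEG still carries an embedded ICC profile and whether that profile's tag table stays inside the profile. It follows the public ICC and JPEG APP2 layouts; the function names are hypothetical and `sample_jpeg` builds constructed test input.

```python
import struct

ICC_MARKER = b"ICC_PROFILE\x00"          # identifier that opens an ICC APP2 segment

def extract_icc(jpeg: bytes) -> bytes:
    """Reassemble the ICC profile from a JPEG's APP2 segments (empty if none)."""
    chunks, pos = {}, 2                  # start after SOI (FF D8)
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, length = jpeg[pos + 1], struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if marker == 0xDA:               # start of scan: metadata segments are over
            break
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE2 and len(body) >= 14 and body.startswith(ICC_MARKER):
            chunks[body[12]] = body[14:]  # byte 12 = chunk number, byte 13 = chunk count
        pos += 2 + length
    return b"".join(chunks[k] for k in sorted(chunks))

def check_icc(profile: bytes) -> list:
    """Return structural problems found in the profile header and tag table."""
    if len(profile) < 132:
        return ["shorter than header + tag count"]
    problems = []
    declared = struct.unpack(">I", profile[0:4])[0]
    if declared != len(profile):
        problems.append(f"declared size {declared} != actual {len(profile)}")
    if profile[36:40] != b"acsp":
        problems.append("missing 'acsp' signature")
    count = struct.unpack(">I", profile[128:132])[0]
    if 132 + 12 * count > len(profile):
        return problems + [f"tag table ({count} entries) runs past end of profile"]
    for i in range(count):               # each entry: signature, offset, size
        sig, off, size = struct.unpack(">4sII", profile[132 + 12 * i:144 + 12 * i])
        if off + size > len(profile):
            problems.append(f"tag {sig!r}: offset {off} + size {size} exceeds profile")
    return problems

def sample_jpeg(tag_size: int) -> bytes:
    """Constructed input: a JPEG shell holding a profile with one 'desc' tag."""
    data = b"desc" + bytes(12)           # 16 bytes of tag data at offset 144
    body = struct.pack(">I4sII", 1, b"desc", 144, tag_size) + data
    header = struct.pack(">I", 128 + len(body)) + bytes(32) + b"acsp" + bytes(88)
    app2 = ICC_MARKER + b"\x01\x01" + header + body
    return b"\xff\xd8\xff\xe2" + struct.pack(">H", len(app2) + 2) + app2 + b"\xff\xd9"

if __name__ == "__main__":
    for size in (16, 0xFFFFFFF0):        # well-formed tag, then an oversized one
        print(hex(size), check_icc(extract_icc(sample_jpeg(size))))
```

An empty result from `extract_icc` on the re-hosted copy would mean the editing step dropped or replaced the profile, which is the case JCR describes.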

JCR
26th of April 2006 (Wed), 09:44
You can PM me the links?

Mike6158
26th of April 2006 (Wed), 09:51
Done