This is a very serious problem. A virus writer could easily exploit this by sending emails with image embedded html. I am not finding much information on how the jpeg would be crafted to take advantage of this exploit, but I could theorize a worse case scenario where a spreading virus would actually infect other jpegs. Not a pretty picture.
A brief article from Sophos:
Microsoft warns of critical JPEG image vulnerability
Read this to get the updates:
Microsoft Security Bulletin MS04-028