Vulnerability Note VU#266926

Microsoft Internet Explorer contains an integer overflow in the processing of bitmap files

Overview

A vulnerability in Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on a vulnerable system.

I. Description

Microsoft Internet Explorer (IE) is a web browser. An integer overflow vulnerability has been discovered in the way that Internet Explorer processes bitmap image files. This vulnerability could allow a remote attacker to execute arbitrary code on a vulnerable system by introducing a specially crafted bitmap file.

II. Impact

A remote attacker may be able to execute arbitrary code on a vulnerable system by introducing a specially crafted bitmap file. This malicious bitmap image may be introduced to the system via a malicious web page, HTML email, or an email attachment.

III. Solution

Apply Patch

Apply a patch as described in Microsoft Security Bulletin MS04-025.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Microsoft Corporation	Vulnerable	30-Jul-2004

References

http://www.us-cert.gov/cas/techalerts/TA04-212A.html
http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx
http://www.securitytracker.com/alerts/2004/Feb/1009067.html
http://xforce.iss.net/xforce/xfdb/15210
http://www.securityfocus.com/bid/9663

Credit

Thanks to gta@hush.com for reporting this vulnerability.

This document was written by Chad R Dougherty.

Other Information

Date Public:	2004-02-15
Date First Published:	2004-07-30
Date Last Updated:	2004-07-30
CERT Advisory:
CVE-ID(s):	CAN-2004-0566
NVD-ID(s):	CAN-2004-0566
US-CERT Technical Alerts:
Metric:	56.11
Document Revision:	9

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader