SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#923236

Microsoft Windows ART image handling buffer overflow

Overview

Microsoft Windows ART image handling routines are vulnerable to a heap-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

ART Images

According to Microsoft Security Bulletin MS06-022:

    ART is an image file format used by the America Online (AOL) client software. Windows also includes the library and Internet Explorer displays ART images.
The Problem

Microsoft Windows fails to properly handle malformed ART images allowing in a heap-based buffer overflow to occur. If a remote attacker can persuade a user to access specially crafted ART image, that attacker may be able to trigger the overflow.

Considerations

According to Microsoft Security Bulletin MS06-022:

For more information refer to Microsoft Security Bulletin MS06-022.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code. If the attacked user is running with administrative privileges, the attacker could take complete control of an affected system.

III. Solution

Apply a patch from Microsoft

Microsoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin MS06-022.

For a list of workarounds refer to Microsoft Security Bulletin MS06-022.

Systems Affected

VendorStatusDate Updated
Microsoft CorporationVulnerable13-Jun-2006

References


http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407

Credit

This vulnerability was reported by iDefense.

This document was written by Jeff Gennari.

Other Information

Date Public06/13/2006
Date First Published06/13/2006 03:03:47 PM
Date Last Updated06/14/2006
CERT Advisory 
CVE NameCVE-2006-2378
US-CERT Technical Alerts 
Metric55.58
Document Revision30

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader