Vulnerability Note VU#965206

Microsoft Internet Explorer JPEG rendering library vulnerable to buffer overflow

Original Release date: 09 Aug 2005 | Last revised: 16 Aug 2005

Overview

A vulnerability in the Microsoft Internet Explorer JPEG image rendering routines may allow an attacker to remotely execute arbitrary code.

Description

Microsoft Internet Explorer is a web browser that is available for a variety of platforms and devices. A flaw in the image rendering library that is used to display JPEG-format files may allow an attacker to craft an image that, when viewed, executes arbitrary code on the user's machine. This may create a denial-of-service condition or allow the attacker to take control of the host.

This flaw may be exploited when the user views an HTML document, such as a web page or an HTML email message. If Internet Explorer is the default web browser or JPEG viewing application, a variety of actions outside of normal web browsing may result in Internet Explorer being used to view a maliciously crafted JPEG image.

The amount of access an attacker can gain depends on the privileges of the user's account. Operating with limited privileges minimizes the possible impact; if the user has administrator privileges, an attacker might be able to gain complete control of the system.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on the local machine, leading to a denial-of-service condition or possibly complete control of the machine.

Solution

Apply an update

Please see Microsoft Security Bulletin MS05-038 for information on fixes, updates, and workarounds.

Do not follow unsolicited links or access unsolicited images

The maliciously crafted images may be accessible via a web page link or a link sent in email. In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or Internet Relay Chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following them will not prevent exploitation of this vulnerability in all cases.

Use least privilege

Operate with the least privilege possible. Note that this workaround will not prevent exploitation, but it may limit the impact of an attack.

Systems Affected

Vendor                 Status     Date Notified   Date Updated
Microsoft Corporation  Affected   -               09 Aug 2005

CVSS Metrics

Group          Score   Vector
Base           N/A     N/A
Temporal       N/A     N/A
Environmental  N/A     N/A

References

Credit

Thanks to Michal Zalewski and Microsoft for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

  • CVE IDs: CAN-2005-1988
  • Date Public: 15 Jul 2005
  • Date First Published: 09 Aug 2005
  • Date Last Updated: 16 Aug 2005
  • Severity Metric: 26.73
  • Document Revision: 16

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.