Vulnerability Note VU#965206
Microsoft Internet Explorer JPEG rendering library vulnerable to buffer overflow
A vulnerability in the Microsoft Internet Explorer JPEG image rendering routines may allow an attacker to remotely execute arbitrary code.
Microsoft Internet Explorer is a web browser that is available for a variety of platforms and devices. A flaw in the image rendering library that is used to display JPEG-format files may allow an attacker to craft an image that, when viewed, executes arbitrary code on the user's machine. This may create a denial-of-service condition or allow the attacker to take control of the host.
This flaw may be exploited when the user views an HTML document, such as a web page or an HTML email message. If Internet Explorer is the default web browser or JPEG viewing application, a variety of actions outside of normal web browsing may result in Internet Explorer being used to view a maliciously crafted JPEG image.
A remote, unauthenticated attacker may be able to execute arbitrary code on the local machine, leading to a denial-of-service condition or possibly complete control of the machine.
Apply an update
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||09 Aug 2005|
CVSS Metrics (Learn More)
Thanks to Michal Zalewski and Microsoft for reporting this vulnerability.
This document was written by Ken MacInnis.
- CVE IDs: CAN-2005-1988
- Date Public: 15 Jul 2005
- Date First Published: 09 Aug 2005
- Date Last Updated: 16 Aug 2005
- Severity Metric: 26.73
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.