A vulnerability in the Microsoft Internet Explorer JPEG image rendering routines may allow an attacker to remotely execute arbitrary code.
Microsoft Internet Explorer is a web browser that is available for a variety of platforms and devices. A flaw in the image rendering library that is used to display JPEG-format files may allow an attacker to craft an image that, when viewed, executes arbitrary code on the user's machine. This may create a denial-of-service condition or allow the attacker to take control of the host.
This flaw may be exploited when the user views an HTML document, such as a web page or an HTML email message. If Internet Explorer is the default web browser or JPEG viewing application, a variety of actions outside of normal web browsing may result in Internet Explorer being used to view a maliciously crafted JPEG image.
A remote, unauthenticated attacker may be able to execute arbitrary code on the local machine, leading to a denial-of-service condition or possibly complete control of the machine.
Apply an update
Thanks to Michal Zalewski and Microsoft for reporting this vulnerability.
This document was written by Ken MacInnis.
|Date First Published:||2005-08-09|
|Date Last Updated:||2005-08-16 17:20 UTC|