rerun2
February 16th, 2004, 10:44 PM
"Description: A vulnerability was reported in Microsoft Internet Explorer (IE) version 5. A remote user can execute arbitrary code on the target system.
It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.
The author states that this flaw was found by reviewing the recently leaked Microsoft Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.
The report indicates that IE 5 is affected but that IE 6 is not affected."
http://www.securitytracker.com/alerts/2004/Feb/1009067.html
It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.
The author states that this flaw was found by reviewing the recently leaked Microsoft Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.
The report indicates that IE 5 is affected but that IE 6 is not affected."
http://www.securitytracker.com/alerts/2004/Feb/1009067.html