IE5 vulnerability allows execution of arbitrary code

Discussion in 'other security issues & news' started by rerun2, Feb 16, 2004.

Thread Status:
Not open for further replies.
  1. rerun2

    rerun2 Registered Member

    Aug 27, 2003
    "Description: A vulnerability was reported in Microsoft Internet Explorer (IE) version 5. A remote user can execute arbitrary code on the target system.

    It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.

    The author states that this flaw was found by reviewing the recently leaked Microsoft Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.

    The report indicates that IE 5 is affected but that IE 6 is not affected."
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.