IE5 vulnerability allows execution of arbitrary code

Discussion in 'other security issues & news' started by rerun2, Feb 16, 2004.

Thread Status:
Not open for further replies.
  1. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    "Description: A vulnerability was reported in Microsoft Internet Explorer (IE) version 5. A remote user can execute arbitrary code on the target system.

    It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.

    The author states that this flaw was found by reviewing the recently leaked Microsoft Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.

    The report indicates that IE 5 is affected but that IE 6 is not affected."

    http://www.securitytracker.com/alerts/2004/Feb/1009067.html
     
Loading...
Thread Status:
Not open for further replies.