Microsoft Internet Explorer Buffer Overflow in Rendering PNG Images Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1014201 |
|
SecurityTracker URL: http://securitytracker.com/id/1014201
|
|
CVE Reference:
CVE-2005-1211
(Links to External Site)
|
Updated: Jul 7 2008
|
Original Entry Date: Jun 14 2005
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 5.01 SP4, 5.5 SP2, 6 SP1; and prior service packs
|
Description:
A vulnerability was reported in Microsoft Internet Explorer in the processing of Portable Network Graphics (PNG) images. A remote user can execute arbitrary code on the target user's system.
A remote user can supply a specially crafted PNG image to trigger a buffer overflow in the PNG image rendering library in Internet Explorer and execute arbitrary code. The code will run with the privileges of the target user.
A specific large PNG chunk can trigger the flaw.
Microsoft credits Mark Dowd of ISS X-Force for reporting this vulnerability.
The original ISS advisory is available at:
http://xforce.iss.net/xforce/alerts/id/196
|
Impact:
A remote user can execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued the following fixes (a cumulative update):
Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5F577A83-67C6-45AE-B5C5-10D7C7FFA3D3
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=703859AF-CDD5-4348-8916-472A3FDF8667
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A1809B9B-9B0F-4A9C-84A5-56B774920313
Internet Explorer 6 for Microsoft Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=36EC67CA-94F6-4E55-ADCD-4406A3D6AADE
Internet Explorer 6 Service Pack 1 for Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium):
http://www.microsoft.com/downloads/details.aspx?FamilyId=6AAE593C-8FFD-443F-B9AC-3F9F0F20A2EB
Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2C58B8F7-4F2D-44DA-80EF-B83667B5AFD7
Internet Explorer 6 for Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium), Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=77E601E9-4EED-4671-8F3E-AD58A1E88041
Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition, and Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1A7087F1-3AF2-4B33-9F04-6159FAA34C31
Slovenian:
http://www.microsoft.com/downloads/details.aspx?FamilyId=660B5789-2986-448F-97F5-09E8F1E0170F&displaylang=sl
Slovakian:
http://www.microsoft.com/downloads/details.aspx?FamilyId=660B5789-2986-448F-97F5-09E8F1E0170F&displaylang=sk
A restart is required.
|
Vendor URL: www.microsoft.com/technet/security/Bulletin/MS05-025.mspx (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 14 Jun 2005 13:16:52 -0400
Subject: http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx
|
http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx
|
|
