Message-ID: <Pine.LNX.4.58.0508111302480.18264@dione>
Date: Thu, 11 Aug 2005 13:14:46 +0200 (CEST)
From: Michal Zalewski <lcamtuf@...ne.ids.pl>
To: bugtraq@...urityfocus.com
Cc: Full-Disclosure@...ts.grok.org.uk
Subject: Re: Compromising pictures of Microsoft Internet Explorer!

> This experiment resulted in identifying a potential remote code
> execution path in Microsoft Internet Explorer, plus some other bugs, and
> should be a good starting point for further testing of other browsers or
> similar programs.

Just for the reference, this is confirmed to be fixed by the most recent
(and long overdue) cumulative update for MSIE (a part of MS05-038):

JPEG Image Rendering Memory Corruption Vulnerability - CAN-2005-1988

A remote code execution vulnerability exists in Internet Explorer
because of the way that it handles JPEG images. An attacker could
exploit the vulnerability by constructing a malicious JPEG image that
could potentially allow remote code execution if a user visited a
malicious Web site or viewed a malicious e-mail message. An attacker
who successfully exploited this vulnerability could take complete
control of an affected system.

Thought I'd clarify, because CVE seems to carry original references with
one candidate entry (CAN-2005-2308), and Microsoft's patch with no prior
references in another (CAN-2005-1988) - so there might be some confusion
as to what was fixed and why. CERT and Securityfocus both include proper
data, though.
Cheers,
/mz
http://lcamtuf.coredump.cx/silence/