In English
http://www.securitytracker.com/aler...09067.html
Microsoft Internet Explorer Integer Overflow in Processing Bitmap
Files Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1009067
CVE Reference: GENERIC-MAP-NOMATCH
Date: Feb 15 2004
Impact: Execution of arbitrary code via network, User access via
network
Exploit Included: Yes
Version(s): 5 (6 is reportedly not vulnerable)
Description: A vulnerability was reported in Microsoft Internet
Explorer (IE) version 5. A remote user can execute arbitrary code on
the target system.
It is reported that a remote user can create a specially crafted
bitmap file that, when loaded by IE, will trigger an integer overflow
and execute arbitrary code.
The author states that this flaw was found by reviewing the recently
leaked Microsoft Windows source code. The flaw reportedly resides in
'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.
The report indicates that IE 5 is affected but that IE 6 is not
affected.
A demonstration exploit is provided in the Source Message [it is
Base64 encoded].
Impact: A remote user can cause arbitrary code to be executed on the
target user's computer when the target user's browser loads a
specially crafted bitmap file. The code will run with the privileges
of the target user.
Solution: No solution was available at the time of this entry.
Vendor URL: www.microsoft.com/technet/security/
Cause: Boundary error
Underlying OS: Windows (Any)
Reported By: <gta@hush.com>
Message History: None.
A program exists that exploits this vulnerability.
Apparently the author has mentioned that he found this vulnerability in
the stolen Windows 2000 sources, in the following folder:
'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.
It only works in version 5 of Explorer; the advice is to update
as soon as possible to version 6 + patches, or to use another web
browser.
Ille Corvus. Hic et Nunc.
Deserving of Filtering (Kill-file):
jm tella llop (2003.10.25)