By David Morgenstern
February 16, 2004
A security company on Monday alerted clients to a new vulnerability in Internet Explorer 5, one attributed to the recent leak of Microsoft Corp.'s Windows source code. The quick attack appears to contradict some optimistic expectations that the recent leak of Windows 2000 and NT code would not pose a significant opportunity for hackers.
According to a message posted by SecurityGlobal.net LLC's Security Tracker Web site, a vulnerability was reported in Microsoft Internet Explorer Version 5 that lets a "remote user execute arbitrary code on the target system."
Feb 16 2004 2:39PM
From securitytracker http://www.securitytracker.com/alerts/2004/Feb/1009067.html
Microsoft Internet Explorer Integer Overflow in Processing Bitmap Files Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1009067
CVE Reference: GENERIC-MAP-NOMATCH
Date: Feb 15 2004
Impact: Execution of arbitrary code via network, User access via network
Exploit Included: Yes
Version(s): 5 (6 is reportedly not vulnerable)
Description: A vulnerability was reported in Microsoft Internet Explorer (IE) version 5. A remote user can execute arbitrary code on the target system.
It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.
The author states that this flaw was found by reviewing the recently leaked Microsoft Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.
The report indicates that IE 5 is affected but that IE 6 is not affected.
A demonstration exploit is provided in the Source Message [it is Base64 encoded].
Impact: A remote user can cause arbitrary code to be executed on the target user's computer when the target user's browser loads a specially crafted bitmap file.
The code will run with the privileges of the target user.
Solution: No solution was available at the time of this entry.
Vendor URL: www.microsoft.com/technet/security/
Cause: Boundary error
Underlying OS: Windows (Any)
Reported By: <gta hush com>
Message History: None.
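
The alert does not say which bitmap header field is involved, so the following added example (not code from the alert, from the leaked source or from Microsoft) shows only the general defence against this bug class: validating untrusted BMP header fields with unsigned comparisons and 64-bit size arithmetic before any allocation or copy. It assumes the standard 14-byte file header followed by a 40-byte BITMAPINFOHEADER and uncompressed pixel data; `bmp_check` and the `BMP_*` codes are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { BMP_OK, BMP_TRUNCATED, BMP_BAD_MAGIC, BMP_BAD_OFFSET, BMP_BAD_DIMS, BMP_TOO_BIG };

/* Little-endian 32-bit read from an untrusted buffer. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the file header and BITMAPINFOHEADER before any allocation or
 * copy. On BMP_OK, *pixel_bytes holds the size of the pixel array. */
int bmp_check(const uint8_t *buf, size_t len, size_t *pixel_bytes)
{
    if (len < 54) return BMP_TRUNCATED;
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_BAD_MAGIC;

    uint32_t off_bits = rd32(buf + 10);          /* bfOffBits */
    uint32_t hdr_size = rd32(buf + 14);          /* biSize */
    int32_t  width    = (int32_t)rd32(buf + 18); /* biWidth */
    int32_t  height   = (int32_t)rd32(buf + 22); /* biHeight, negative = top-down */
    uint32_t bpp      = buf[28] | (uint32_t)buf[29] << 8; /* biBitCount */

    /* Unsigned compares: an offset with the high bit set is huge, not negative. */
    if (hdr_size != 40 || off_bits < 54 || off_bits > len) return BMP_BAD_OFFSET;
    if (width <= 0 || height == 0) return BMP_BAD_DIMS;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32) return BMP_BAD_DIMS;

    /* 64-bit arithmetic: in 32 bits, width * bpp can wrap to a small value. */
    uint64_t rows   = (uint64_t)(height < 0 ? -(int64_t)height : (int64_t)height);
    uint64_t stride = (((uint64_t)width * bpp + 31) / 32) * 4; /* rows pad to 4 bytes */
    uint64_t total  = stride * rows;
    if (total > len - off_bits) return BMP_TOO_BIG;

    *pixel_bytes = (size_t)total;
    return BMP_OK;
}

int main(void)
{
    /* Constructed sample: 2x2 pixels, 24 bpp, 16 bytes of pixel data. */
    uint8_t bmp[70] = { 'B', 'M' };
    size_t n = 0;
    bmp[10] = 54; bmp[14] = 40; bmp[18] = 2; bmp[22] = 2; bmp[28] = 24;
    printf("valid: %d (%zu bytes)\n", bmp_check(bmp, sizeof bmp, &n), n);
    bmp[21] = 0x40; bmp[28] = 32; /* width 0x40000002: wraps in 32-bit math */
    printf("huge width: %d\n", bmp_check(bmp, sizeof bmp, &n));
    return 0;
}
```

With the second sample, a 32-bit `width * bpp` wraps to 64 and yields the same 16-byte total as the valid image, which is why the size computation is widened before the bounds check.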