Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:189754
HistoryJun 14, 2005 - 12:00 a.m.

Microsoft Internet Explorer buffer overflow in PNG image rendering component

2005-06-1400:00:00
www.kb.cert.org
49

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.964 High

EPSS

Percentile

99.6%

JSON

Overview

A buffer overflow in the PNG image rendering component of Microsoft Internet Explorer (IE) may allow a remote attacker to execute code on a vulnerable system.

Description

The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). Microsoft Internet Explorer supports PNG image format. The PNG image rendering component of Microsoft Internet Explorer (pngfilt.dll) does not properly handle PNG image files, potentially allowing a buffer overflow to occur. If a remote attacker can persuade a user to access a specially crafted PNG image with IE, that attacker may be able to trigger the buffer overflow.

For more information about affected components, please refer to MS05-025. Please note that Microsoft has reported this issue is distinct from those previously reported in VU#817368 and VU#388984 (CAN-2004-0597).

Impact

If a user opens a specially-crafted PNG image using a vulnerable version of Internet Explorer, an attacker may be able execute arbitrary code with the privileges of the user or cause Internet Explorer to terminate.

Solution

Apply An Update
Microsoft has addressed this issue in Microsoft Security Bulletin MS05-025.

Microsoft Security Bulletin MS05-025 suggests the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors.

Disable PNG rendering

Until the patch can be applied, you may wish to disable the PNG rendering in IE. To disable the PNG rendering , follow these steps:

  1. Click Start, clickRun, type “regsvr32 /u pngfilt.dll” (without the quotation marks), and then clickOK.
  2. A dialog box appears to confirm that the unregistration process has succeeded. Click OK to close the dialog box.
  3. Close Internet Explorer, and reopen it for the changes to take effect…

In addition, the following techniques may reduce the likelihood of exploitation:

Read and send email in plain text format

Outlook 2003, Outlook 2002 SP1, and Outlook 6 SP1 can be configured to view email messages in text format. Consider the security of fellow Internet users and send email in plain text format when possible. Note that reading and sending email in plain text will not necessarily prevent exploitation of this vulnerability.**

Do not follow unsolicited links**

In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.

Vendor Information

189754

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: June 14, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please refer to <http://www.microsoft.com/technet/security/bulletin/ms05-025.mspx&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23189754 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

<http://www.microsoft.com/technet/security/bulletin/ms05-025.mspx&gt;

Acknowledgements

This vulnerability was reported in Microsoft Security Bulletin MS05-025. Microsoft credits Mark Dowd of ISS X-Force for providing information regarding this vulnerability.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2005-1211
Severity Metric: 22.50 Date Public:

Related

checkpoint_advisories 3
cert 5
cve 3
ubuntucve 1
securityvulns 9
nessus 23
coresecurity 1
f5 2
slackware 3
openvas 16
freebsd 1
gentoo 2
redhat 2
osv 1
suse 7
debian 1
checkpoint_advisories
checkpoint_advisories
libpng Transparency Chunk Length Buffer Overflow (CVE-2004-0597)
2010-02-21 00:00:00
Libpng png_handle_sBIT Local Buffer Overflow - Ver2 (CVE-2004-0597)
2014-03-03 00:00:00
Internet Explorer PNG Image Rendering Memory Corruption - improved performance (MS05-025; CVE-2005-1211; CVE-2006-0025)
2013-03-24 00:00:00
cert
cert
libpng png_handle_sBIT() performs insufficient bounds checking
2004-08-04 00:00:00
libpng png_handle_iCCP() NULL pointer dereference
2004-08-04 00:00:00
libpng png_handle_sPLT() integer overflow
2004-08-04 00:00:00
cve
cve
CVE-2004-0597
2004-11-23 05:00:00
CVE-2005-1211
2005-06-14 04:00:00
CVE-2004-0954
2004-12-23 05:00:00
ubuntucve
ubuntucve
CVE-2004-0597
2004-11-23 00:00:00
securityvulns
securityvulns
Internet Explorer PNG Overflow
2005-06-15 00:00:00
[VulnWatch] CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability
2005-02-09 00:00:00
Microsoft Security Bulletin MS05-025 Cumulative Security Update for Internet Explorer &#40;883939&#41;
2005-06-15 00:00:00
nessus
nessus
MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
2005-02-08 00:00:00
MS05-025: Cumulative Security Update for Internet Explorer (883939)
2005-06-14 00:00:00
Mandrake Linux Security Advisory : libpng (MDKSA-2004:079)
2004-08-22 00:00:00
coresecurity
coresecurity
MSN Messenger PNG Image Parsing Vulnerability
2005-02-08 00:00:00
f5
f5
SOL4009 - Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
2007-05-16 00:00:00
Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
2007-05-17 04:00:00
slackware
slackware
libpng
2004-08-09 20:40:50
[slackware-security] imagemagick
2004-08-10 21:26:39
[slackware-security] Mozilla
2004-08-10 21:17:12
openvas
openvas
FreeBSD Ports: ImageMagick, ImageMagick-nox11
2008-09-04 00:00:00
Slackware: Security Advisory (SSA:2004-222-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2004-222-01 libpng
2012-09-11 00:00:00
freebsd
freebsd
libpng stack-based buffer overflow and other code concerns
2004-08-04 00:00:00
gentoo
gentoo
libpng: Numerous vulnerabilities
2004-08-05 00:00:00
Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities
2004-08-23 00:00:00
redhat
redhat
(RHSA-2004:402) libpng security update
2004-08-04 00:00:00
(RHSA-2004:421) mozilla security update
2004-08-04 00:00:00
osv
osv
libpng - several vulnerabilities
2004-08-04 00:00:00
suse
suse
remote system compromise in libpng
2004-08-04 15:12:06
remote DoS condition in apache2
2004-09-06 13:51:41
remote code execution in cups
2004-09-15 14:45:26
debian
debian
[SECURITY] [DSA 536-1] New libpng, libpng3 packages fix multiple vulnerabilities
2004-08-04 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.964 High

EPSS

Percentile

99.6%

JSON
Related for VU:189754
checkpoint_advisories3cert5cve3ubuntucve1securityvulns9nessus23coresecurity1f52slackware3openvas16freebsd1gentoo2redhat2osv1suse7debian1