Microsoft Internet Explorer contains an integer overflow in the processing of bitmap files

2004-07-3000:00:00

www.kb.cert.org

0.72 High

EPSS

Percentile

98.1%

JSON

Overview

A vulnerability in Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

Microsoft Internet Explorer (IE) is a web browser. An integer overflow vulnerability has been discovered in the way that Internet Explorer processes bitmap image files. This vulnerability could allow a remote attacker to execute arbitrary code on a vulnerable system by introducing a specially crafted bitmap file.

Impact

A remote attacker may be able to execute arbitrary code on a vulnerable system by introducing a specially crafted bitmap file. This malicious bitmap image may be introduced to the system via a malicious web page, HTML email, or an email attachment.

Solution

Apply Patch

Apply a patch as described in Microsoft Security Bulletin MS04-025.

Vendor Information

266926

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation Affected

Notified: February 16, 2004 Updated: July 30, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23266926 Feedback>).