A vulnerability in Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on a vulnerable system.
Microsoft Internet Explorer (IE) is a web browser. An integer overflow vulnerability has been discovered in the way that Internet Explorer processes bitmap image files. This vulnerability could allow a remote attacker to execute arbitrary code on a vulnerable system by introducing a specially crafted bitmap file.
A remote attacker may be able to execute arbitrary code on a vulnerable system by introducing a specially crafted bitmap file. This malicious bitmap image may be introduced to the system via a malicious web page, HTML email, or an email attachment.
Apply Patch
Apply a patch as described in Microsoft Security Bulletin MS04-025.
266926
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: February 16, 2004 Updated: July 30, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23266926 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to [email protected] for reporting this vulnerability.
This document was written by Chad R Dougherty.
CVE IDs: | CVE-2004-0566 |
---|---|
Severity Metric: | 56.11 Date Public: |