Microsoft IE Malformed GIF Double-free DoS

2003-09-02T14:51:36
ID OSVDB:8277
Type osvdb
Reporter Marc Ruef(maru@scip.ch)
Modified 2003-09-02T14:51:36

Description

Vulnerability Description

Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered by a double-free when a malformed GIF image is processed by mshtml.dll, and will result in loss of availability for the program.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered by a double-free when a malformed GIF image is processed by mshtml.dll, and will result in loss of availability for the program.

References:

US-CERT Cyber Security Alert: TA04-212A Secunia Advisory ID:12192 Related OSVDB ID: 8275 Related OSVDB ID: 8276 Microsoft Security Bulletin: ms04-025 Mail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=106248836920737&w=2 Mail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=106251714116250&w=2 Mail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=106255246525018&w=2 CVE-2003-1048 CERT VU: 685364