SECURITYVULNS:DOC:8854 (securityvulns)
Jun 15, 2005 - 12:00 a.m.

Internet Explorer PNG Overflow

EPSS: 0.963 (percentile: 99.6%)

Internet Security Systems Protection Advisory
June 14, 2005

Internet Explorer PNG Overflow

Summary:

ISS has shipped protection for a flaw X-Force has discovered in the PNG
image processing library used in software such as Microsoft's Internet
Explorer web browser. By crafting a PNG file in a malicious manner, an
attacker is able to trigger a heap overflow within Internet Explorer,
leading to arbitrary code execution and remote compromise.

ISS Protection Strategy:

ISS has provided preemptive protection for these vulnerabilities. We
recommend that all customers apply applicable ISS product updates.

Network Sensor 7.0, Proventia A and G100, G200, G1200:
XPU 22.30 / 8/25/04
Image_PNG_tRNS_BO

Proventia M and G400, G2000:
XPU 1.28 / 8/25/04
Image_PNG_tRNS_BO

Server Sensor 7.0:
XPU 22.30 / 8/25/04
Image_PNG_tRNS_BO

Proventia Desktop:
XPU 8.0.614.1
Image_PNG_tRNS_BO

Desktop Protector 7.0:
Version ENR / 9/25/04
Image_PNG_tRNS_BO

BlackICE Agent for Server 3.6:
Version ENR / 9/25/04
Image_PNG_tRNS_BO

These updates are now available from the ISS Download Center at:
http://www.iss.net/download.

Business Impact:

Compromise of networks and machines using affected versions of Internet
Explorer may lead to exposure of confidential information, loss of
productivity, and further network compromise. An attacker would be required
to cause a user to view a malicious website or email containing a
maliciously crafted image. Successful exploitation would grant an attacker
the privileges of the user viewing the image, up to and including
administrative privileges.

Affected Products:

Windows 2000 up to and including SP4
Windows XP up to and including SP2
Windows Server 2003 up to and including SP1

Note: Additional versions may be affected; please contact your
vendor for confirmation.

Description:

Portable Network Graphics (PNG) is a common and established image standard.
This image format is widely supported in applications that view images.
Microsoft's PNG filter library is a multi-purpose implementation of PNG
rendering, and is used by applications such as Internet Explorer.

Microsoft's PNG filter library contains a buffer overflow vulnerability
when processing maliciously-crafted PNG images. The library does not
correctly handle a specific large PNG chunk, leading to heap corruption.
Exploitation of this buffer overflow can lead to remote compromise of
affected machines with minimal user-interaction.

While this library is used by Internet Explorer, it is likely that additional
applications make use of this library and may be affected as well. In order
to exploit this vulnerability through Internet Explorer, an attacker would be
required to induce the victim to view a web page or email message containing
a maliciously-crafted PNG image.

The ISS X-Press Updates detailed above have the ability to protect
against attack attempts targeted at Internet Explorer.
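
The check below is an added example, not ISS signature logic or Microsoft
code. It assumes, from the signature name Image_PNG_tRNS_BO, that the
oversized chunk is tRNS, and flags any tRNS chunk larger than the PNG
specification allows for the image's colour type. The names check_trns,
chunk and sample are hypothetical, and the sample images are constructed.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Fixed tRNS payload sizes from the PNG specification, keyed by IHDR colour type.
FIXED_TRNS = {0: 2, 2: 6}   # grayscale: one 16-bit sample; truecolour: three

def check_trns(data):
    """Return a list of findings about tRNS chunks in a PNG byte string."""
    if not data.startswith(PNG_SIG):
        return ["not a PNG file"]
    findings, color_type, palette_entries = [], None, 0
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if len(body) < length:            # declared length runs past end of file
            findings.append("%s: truncated chunk" % ctype.decode("latin-1"))
            break
        if ctype == b"IHDR" and length == 13:
            color_type = body[9]          # byte 9 of IHDR is the colour type
        elif ctype == b"PLTE":
            palette_entries = length // 3
        elif ctype == b"tRNS":
            if color_type in FIXED_TRNS:
                if length != FIXED_TRNS[color_type]:
                    findings.append("tRNS: %d bytes, expected %d" % (length, FIXED_TRNS[color_type]))
            elif color_type == 3:         # palette image: one alpha byte per entry
                limit = min(palette_entries, 256)
                if length > limit:
                    findings.append("tRNS: %d bytes exceeds %d palette entries" % (length, limit))
            else:
                findings.append("tRNS: not allowed for colour type %r" % color_type)
        pos += 12 + length                # length + type + data + CRC
    return findings

def chunk(ctype, body):
    """Build one PNG chunk (helper for the constructed samples below)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def sample(trns_len, palette_entries=4):
    """Constructed palette PNG skeleton (no image data) with a tRNS of trns_len bytes."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 3, 0, 0, 0)
    return (PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"PLTE", bytes(3 * palette_entries))
            + chunk(b"tRNS", bytes(trns_len)) + chunk(b"IEND", b""))
```

An empty list from check_trns means every tRNS chunk in the file is within
the specification's limits; it says nothing about other chunk types.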

Additional Information:

Microsoft Security Bulletin:
http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2004-0597 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

Credit:

This vulnerability was discovered and researched by Mark Dowd of the ISS
X-Force.


About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) is the trusted security expert to
global enterprises and world governments, providing products and services
that protect against Internet threats. An established world leader
in security since 1994, ISS delivers proven cost efficiencies and
reduces regulatory and business risk across the enterprise for
more than 11,000 customers worldwide. ISS products and services
are based on the proactive security intelligence conducted by ISS'
X-Force® research and development team - the unequivocal world
authority in vulnerability and threat research. Headquartered
in Atlanta, Internet Security Systems has additional operations
throughout the Americas, Asia, Australia, Europe and the Middle East.

Copyright (c) 2005 Internet Security Systems, Inc. All rights reserved
worldwide.

This document is not to be edited or altered in any way without the
express written consent of Internet Security Systems, Inc. If you wish
to reprint the whole or any part of this document, please email
[email protected] for permission. You may provide links to this document
from your web site, and you may make copies of this document in
accordance with the fair use doctrine of the U.S. copyright laws.

Disclaimer: The information within this document may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server, as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
[email protected] of Internet Security Systems, Inc.