[Dshield] The first of what will, I'm sure, be many.

Carboni, Chris ccarboni at azerty.com
Mon Feb 16 14:32:05 GMT 2004

The original can be found at

Microsoft Internet Explorer Integer Overflow in Processing Bitmap Files Lets
Remote Users Execute Arbitrary Code 
SecurityTracker Alert ID:  1009067  
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Feb 15 2004 
Impact:  Execution of arbitrary code via network, User access via network
Exploit Included:  Yes   
Version(s): 5 (6 is reportedly not vulnerable) 
Description:  A vulnerability was reported in Microsoft Internet Explorer
(IE) version 5. A remote user can execute arbitrary code on the target

It is reported that a remote user can create a specially crafted bitmap file
that, when loaded by IE, will trigger an integer overflow and execute
arbitrary code.

The author states that this flaw was found by reviewing the recently leaked
Microsoft Windows source code. The flaw reportedly resides in

The report indicates that IE 5 is affected but that IE 6 is not affected.

A demonstration exploit is provided in the Source Message [it is Base64
Impact:  A remote user can cause arbitrary code to be executed on the target
user's computer when the target user's browser loads a specially crafted
bitmap file. The code will run with the privileges of the target user.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/
Cause:  Boundary error 
Underlying OS:  Windows (Any)
Reported By:  <gta at hush.com>
Message History:   None.  

Christopher Carboni GCWN, MCSE
Azerty, a division of United Stationers Inc.
13 Centre Dr.
Orchard Park, NY 14127
1 800 888-8080 x 2227 
