search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Microsoft Internet Explorer JPEG rendering library vulnerable to buffer overflow

Vulnerability Note VU#965206

Original Release Date: 2005-08-09 | Last Revised: 2005-08-16

Overview

A vulnerability in the Microsoft Internet Explorer JPEG image rendering routines may allow an attacker to remotely execute arbitrary code.

Description

Microsoft Internet Explorer is a web browser that is available for a variety of platforms and devices. A flaw in the image rendering library that is used to display JPEG-format files may allow an attacker to craft an image that, when viewed, executes arbitrary code on the user's machine. This may create a denial-of-service condition or allow the attacker to take control of the host.

This flaw may be exploited when the user views an HTML document, such as a web page or an HTML email message. If Internet Explorer is the default web browser or JPEG viewing application, a variety of actions outside of normal web browsing may result in Internet Explorer being used to view a maliciously crafted JPEG image.

The amount of access an attacker can gain depends on the user's account. If the user is operating with limited privileges, it minimizes the possible impact. However, if the user has administrator privileges, an attacker might be able to gain complete control of the system.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on the local machine, leading to a denial-of-service condition or possibly complete control of the machine.

Solution

Apply an update
Please see Microsoft Security Bulletin MS05-038 for information on fixes, updates, and workarounds.


Do not follow unsolicited links or access unsolicited images

The maliciously-crafted images may be accessible via a web page link or a link sent in email. In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases.

Use least privilege

Operate with the least privilege possible. Note that this workaround will not prevent exploitation, but it may limit the impact of an attack.

Vendor Information

965206
 
Expand all

Microsoft Corporation Affected

Updated:  August 09, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Microsoft Security Bulletin MS05-038 for information on fixes, updates, and workarounds.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Michal Zalewski and Microsoft for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

CVE IDs: CVE-2005-1988
Severity Metric: 26.73
Date Public: 2005-07-15
Date First Published: 2005-08-09
Date Last Updated: 2005-08-16 17:20 UTC
Document Revision: 16

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis