Overview
A vulnerability in the Microsoft Internet Explorer JPEG image rendering routines may allow an attacker to remotely execute arbitrary code.
Description
Microsoft Internet Explorer is a web browser that is available for a variety of platforms and devices. A flaw in the image rendering library that is used to display JPEG-format files may allow an attacker to craft an image that, when viewed, executes arbitrary code on the user's machine. This may create a denial-of-service condition or allow the attacker to take control of the host. This flaw may be exploited when the user views an HTML document, such as a web page or an HTML email message. If Internet Explorer is the default web browser or JPEG viewing application, a variety of actions outside of normal web browsing may result in Internet Explorer being used to view a maliciously crafted JPEG image. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code on the local machine, leading to a denial-of-service condition or possibly complete control of the machine. |
Solution
Apply an update |
|
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
Thanks to Michal Zalewski and Microsoft for reporting this vulnerability.
This document was written by Ken MacInnis.
Other Information
CVE IDs: | CVE-2005-1988 |
Severity Metric: | 26.73 |
Date Public: | 2005-07-15 |
Date First Published: | 2005-08-09 |
Date Last Updated: | 2005-08-16 17:20 UTC |
Document Revision: | 16 |