Reported July 30, 2004, by Microsoft

VERSIONS AFFECTED

  • All versions of Microsoft Internet Explorer (IE)

DESCRIPTION
Three vulnerabilities in IE could result in the remote execution of arbitrary code on the vulnerable system. These three vulnerabilities are:

  • Navigation method cross-domain vulnerability:
    A remote–code-execution vulnerability exists in IE because of the way it handles navigation methods. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could run malicious script code in IE's Local Machine security zone. If a user is logged on with administrative privileges, this could let the attacker take complete control of an affected system.
     
  • Malformed .bmp file buffer-overrun vulnerability:
    A buffer-overrun vulnerability exists in the processing of .bmp image file formats that could allow remote code execution on an affected system. If the user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system.
     
  • Malformed .gif file double-free vulnerability:
    A buffer-overrun vulnerability exists in the processing of .gif image file formats that could allow remote code execution on an affected system. If the user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. Users whose accounts are configured to have fewer privileges on the system are at less risk than users who operate with administrative privileges.

VENDOR RESPONSE
Microsoft has released bulletin MS04-025, "Cumulative Security Update for Internet Explorer (867801)," to address these vulnerabilities and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Microsoft.