micha_bravo
Member
|
# Posted: 8 Feb 2006 15:24
Reply
Rated as : Critical Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-02-08
Technical Description
A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a memory corruption error in the rendering of Windows Metafile (WMF) images containing a specially crafted header size, which could be exploited by attackers to remotely take complete control of an affected system by convincing a user to open a malicious email attachment or visit a specially crafted Web page that is designed to automatically exploit this vulnerability through Internet Explorer.
Affected Products
Microsoft Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 Microsoft Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium
Solution
Upgrade to Internet Explorer 6 Service Pack 1 : http://www.microsoft.com/windows....lt.mspx
References
http://www.microsoft.com/technet/security/advisory/913333.mspx
|