HTTP MS DirectX Img Processing Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer overflow vulnerability in Internet Explorer's image processing.

Additional Information

A remote code execution vulnerability exists in the way Internet Explorer handles argument validation in image processing. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-0078.

Affected

  • IE5.01 SP4 on Microsoft Windows 2000 SP4
  • IE6 SP1 when installed on Microsoft Windows 2000 SP4
  • IE6 for Windows XP SP2
  • IE6 for Windows XP Prof x64 Edition and Windows XP Prof x64 Edition SP2
  • IE6 for Windows Server 2003 SP1 and Windows Server 2003 SP2
  • IE6 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2
  • IE6 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
  • IE7 for Windows XP SP2
  • IE7 for Windows XP Prof x64 Edition and Windows XP Prof x64 Edition SP2
  • IE7 for Windows Server 2003 SP1 and Windows Server 2003 SP2
  • IE7 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2
  • IE7 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
  • IE7 in Windows Vista
  • IE7 in Windows Vista x64 Edition

Response

Download and install the vendor's patches for this issue.