Microsoft Internet Explorer PNG Rendering Vulnerability (MS05-025)
| Attack ID: | CPAI-2005-99 |
| Publish Date: | |
| Last Update: | |
| Category: | Remote Code Execution |
| Vulnerable Systems: | Microsoft Windows 2000 SP3 and SP4; Microsoft Windows XP SP1 and Microsoft Windows XP SP2; Microsoft Windows XP 64-Bit Edition SP1; Microsoft Windows XP 64-Bit Edition Version 2003; Microsoft Windows XP Professional x64 Edition; Microsoft Windows Server 2003; Microsoft Windows Server 2003 SP1; Microsoft Windows Server 2003 for Itanium-based Systems; Microsoft Windows Server 2003 with SP1 for Itanium-based Systems; Microsoft Windows Server 2003 x64 Edition; Microsoft Windows 98; Microsoft Windows 98 Second Edition (SE); Microsoft Windows Millennium Edition (ME) |
| Source: | Microsoft Security Bulletin MS05-025 |
| Description: | The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as GIF and TIFF. Microsoft Internet Explorer supports the rendering of PNG images in HTML pages. A remote code execution vulnerability exists in Microsoft Internet Explorer because of the way it handles PNG images. An attacker can persuade a target user to view a Web page that embeds a crafted PNG file to trigger the vulnerability. The crafted image can also be sent to the target user in HTML-format email messages. Successful exploitation could grant an attacker complete control of an affected system. |
| Severity: | |
| Details: | The vulnerability exists in the PNG decoder library of Internet Explorer. A crafted .png file contains an overly large tRNS chunk in the image data. Because the decoder does no boundary checking when handling the chunk data, a buffer overflow condition can be triggered when the vulnerable program parses a crafted PNG file. To trigger the vulnerability, an attacker must convince the target user to open, in Microsoft Internet Explorer, a malicious Web page that contains a crafted .png file. The vulnerability can also be exploited by sending a target user a crafted .png file in an HTML-format email message. |
| Attack Detection: | Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of InterSpect who have applied the solution outlined below will be able to identify the attack by the following log entry: Attack Name: PNG Content Protection Violation |
| Solution: | Users of VPN-1 NG with Application Intelligence R55, R55W, users of VPN-1 NGX R60 and users of InterSpect should update their SmartDefense by clicking the Update Now button on the SmartDefense General window. Version (Build Number): R55 (541050816); R55W (550050816); InterSpect (547050816) |
| Industry Reference: | CAN-2005-1211 |
| Additional Information: | Update from November 30, 2005: On November 30, 2005, the malformed PNG protection was updated for users of VPN-1 NG with Application Intelligence R55W and InterSpect 2.0. Zone Labs Security Advisory |
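
The boundary check that the Details entry says was missing, shown as an added example (not code from Check Point or Microsoft): a Python scanner that walks a PNG's chunks and flags a tRNS chunk whose length is not valid for the image's colour type. The size limits are taken from the PNG specification rather than from this advisory, and the function names and sample files are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Exact tRNS sizes for non-palette colour types, per the PNG specification.
FIXED_TRNS = {0: 2, 2: 6}          # grayscale, truecolour

def chunk(ctype, data):
    """Serialize one chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def check_trns(png):
    """Return findings for tRNS chunks that break the spec's size rules."""
    if not png.startswith(PNG_SIG):
        return ["bad PNG signature"]
    findings, pos, color_type, palette = [], len(PNG_SIG), None, None
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        if len(data) < length:      # never trust the declared length
            findings.append(f"{ctype!r} declares {length} bytes, file has {len(data)}")
            break
        if ctype == b"IHDR" and length == 13:
            color_type = data[9]    # byte 9 of IHDR is the colour type
        elif ctype == b"PLTE":
            palette = length // 3   # three bytes (RGB) per palette entry
        elif ctype == b"tRNS":
            if color_type in FIXED_TRNS:
                ok = length == FIXED_TRNS[color_type]
            elif color_type == 3:   # one alpha byte per palette entry, max 256
                ok = length <= min(palette or 0, 256)
            else:                   # types 4/6 carry alpha already; None = no IHDR
                ok = False
            if not ok:
                findings.append(f"tRNS length {length} invalid for colour type {color_type}")
        elif ctype == b"IEND":
            break
        pos += 12 + length          # length field + type + data + CRC
    return findings

# Constructed samples: 1x1, 8-bit, palette-indexed image with a 2-entry palette.
IHDR = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 3, 0, 0, 0))
PLTE = chunk(b"PLTE", bytes(6))
GOOD = PNG_SIG + IHDR + PLTE + chunk(b"tRNS", bytes(2)) + chunk(b"IEND", b"")
OVERSIZED = PNG_SIG + IHDR + PLTE + chunk(b"tRNS", bytes(300)) + chunk(b"IEND", b"")

if __name__ == "__main__":
    print(check_trns(GOOD), check_trns(OVERSIZED))
```

The samples omit IDAT because the check only needs the IHDR, PLTE and tRNS chunks; a mail or web gateway filter would run the same walk over each image before it reaches the browser.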