• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Bitmap Processing Integer Overflow Vulnerability

Microsoft Internet Explorer has been reported prone to an integer overflow vulnerability. The issue presents itself in bitmap file processing procedures and is due to the use of a signed integer employed during boundary checking routines.

Ultimately an attacker may exploit this condition to corrupt a saved instruction or stack frame base pointer, to influence execution flow of the affected browser into attacker-supplied instructions.

This issue could also be exposed via other software that uses Internet Explorer to render images, such as Outlook, though this has not been confirmed.