Microsoft Windows Malformed ART Image Remote Code Execution Vulnerability
BID:18394
CVE-2006-2378 |Info
Microsoft Windows Malformed ART Image Remote Code Execution Vulnerability
| Bugtraq ID: | 18394 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-2378 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 13 2006 12:00AM |
| Updated: | Jun 14 2006 04:11PM |
| Credit: | The original discoverer of this issue wishes to remain anonymous. |
| Vulnerable: |
Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP 64-bit Edition SP1 Microsoft Windows XP 64-bit Edition Microsoft Windows XP 0 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Internet Explorer 5.0.1 SP4 Microsoft Internet Explorer 5.0.1 SP3 Microsoft Internet Explorer 5.0.1 SP2 Microsoft Internet Explorer 5.0.1 SP1 Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 |
| Not Vulnerable: | |
Discussion
Microsoft Windows Malformed ART Image Remote Code Execution Vulnerability
Microsoft Windows is prone to remote code execution when processing malformed AOL ART images.
This issue is exposed when the malicious images are processed by Internet Explorer or other applications that rely on Internet Explorer to display AOL ART images. If exploited, this vulnerability could let a remote attacker execute arbitrary code in the context of the victim user.
Microsoft Windows is prone to remote code execution when processing malformed AOL ART images.
This issue is exposed when the malicious images are processed by Internet Explorer or other applications that rely on Internet Explorer to display AOL ART images. If exploited, this vulnerability could let a remote attacker execute arbitrary code in the context of the victim user.
Exploit / POC
Microsoft Windows Malformed ART Image Remote Code Execution Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Microsoft Windows Malformed ART Image Remote Code Execution Vulnerability
Solution:
Microsoft has released a security bulletin and fixes to address this issue.
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home SP1
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Internet Explorer 6.0 SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows XP Professional SP2
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows XP Professional SP1
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
Solution:
Microsoft has released a security bulletin and fixes to address this issue.
Microsoft Windows Server 2003 Datacenter Edition SP1
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=56DF0CF2-9214 -4B23-9034-C59E8B7126D6
Microsoft Windows Server 2003 Datacenter x64 Edition
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=4DC13B7C-01AB -4BB6-9766-0FE0D02E410D&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition SP1
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=56DF0CF2-9214 -4B23-9034-C59E8B7126D6
Microsoft Windows XP Media Center Edition SP2
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=71022EA1-94CB -4FE9-B89E-46876D068B9A&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=56DF0CF2-9214 -4B23-9034-C59E8B7126D6
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Windows Server 2003 64-bit
http://www.microsoft.com/downloads/details.aspx?familyid=5E1B95C3-7E75 -4468-829C-1DC7B4ECE5D0&displaylang=en
Microsoft Windows XP Tablet PC Edition SP1
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer 6 Servic
http://www.microsoft.com/downloads/details.aspx?familyid=F6328F82-457E -44CB-95FB-2DB0E8C9EE3C&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=56DF0CF2-9214 -4B23-9034-C59E8B7126D6
Microsoft Windows XP Home SP2
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=71022EA1-94CB -4FE9-B89E-46876D068B9A&displaylang=en
Microsoft Windows XP Tablet PC Edition SP2
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=71022EA1-94CB -4FE9-B89E-46876D068B9A&displaylang=en
Microsoft Windows XP Media Center Edition SP1
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer 6 Servic
http://www.microsoft.com/downloads/details.aspx?familyid=F6328F82-457E -44CB-95FB-2DB0E8C9EE3C&displaylang=en
Microsoft Windows Server 2003 Web Edition
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=56DF0CF2-9214 -4B23-9034-C59E8B7126D6
Microsoft Windows XP Home SP1
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer 6 Servic
http://www.microsoft.com/downloads/details.aspx?familyid=F6328F82-457E -44CB-95FB-2DB0E8C9EE3C&displaylang=en
Microsoft Windows XP Professional x64 Edition
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=A386523E-96AB -43ED-B189-E13AF497B685
Microsoft Windows Server 2003 Web Edition SP1
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=56DF0CF2-9214 -4B23-9034-C59E8B7126D6
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Windows Server 2003 64-bit
http://www.microsoft.com/downloads/details.aspx?familyid=5E1B95C3-7E75 -4468-829C-1DC7B4ECE5D0&displaylang=en
Microsoft Windows Server 2003 Standard Edition SP1
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=56DF0CF2-9214 -4B23-9034-C59E8B7126D6
Microsoft Internet Explorer 6.0 SP1
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer 6 Servic
http://www.microsoft.com/downloads/details.aspx?familyid=F6328F82-457E -44CB-95FB-2DB0E8C9EE3C&displaylang=en
Microsoft Windows Server 2003 Standard Edition
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=56DF0CF2-9214 -4B23-9034-C59E8B7126D6
Microsoft Windows XP Professional SP2
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=71022EA1-94CB -4FE9-B89E-46876D068B9A&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Windows Server 2003 64-bit
http://www.microsoft.com/downloads/details.aspx?familyid=5E1B95C3-7E75 -4468-829C-1DC7B4ECE5D0&displaylang=en
Microsoft Windows Server 2003 Standard x64 Edition
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=4DC13B7C-01AB -4BB6-9766-0FE0D02E410D&displaylang=en
Microsoft Windows Server 2003 Enterprise x64 Edition
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer for Wind
http://www.microsoft.com/downloads/details.aspx?familyid=4DC13B7C-01AB -4BB6-9766-0FE0D02E410D&displaylang=en
Microsoft Windows XP Professional SP1
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Internet Explorer 6 Servic
http://www.microsoft.com/downloads/details.aspx?familyid=F6328F82-457E -44CB-95FB-2DB0E8C9EE3C&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
-
Microsoft Vulnerability in ART Image Rendering Could Allow Remote Code Execution in Windows Server 2003 64-bit
http://www.microsoft.com/downloads/details.aspx?familyid=5E1B95C3-7E75 -4468-829C-1DC7B4ECE5D0&displaylang=en
References
Microsoft Windows Malformed ART Image Remote Code Execution Vulnerability
References:
References:
- Microsoft Security Bulletin MS06-022 (Microsoft)
- iDefense Security Advisory 06.13.06: Microsoft Internet Explorer ART File Heap C (labs-no-reply
)