Signature Detail

HTTP: Microsoft Internet Explorer Malformed GIF File Denial of Service

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can result in a denial-of-service condition. This is an old issue and current versions of the browser are immune to it.

Extended Description

Microsoft Internet Explorer is reported prone to a double free memory corruption vulnerability when processing a malformed GIF image file. This vulnerability may potentially be exploited to execute arbitrary code in the context of the currently logged in user. Exploitation attempts could also cause a denial of service. To exploit this issue, an attacker could create a malicious GIF file and entice a user to view the file through Internet Explorer. Other applications that support the GIF format may also be affected, though this has not been confirmed. An attacker could exploit this issue through various means, such as enticing a user to visit a Web page that references the malicious file or through HTML email.

Affected Products

• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0.1 SP4
• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Outlook 2000 SP2
• Microsoft Outlook 2000 SP3
• Microsoft Outlook 2000 SR1
• Microsoft Outlook 2000
• Microsoft Outlook 2002 SP1
• Microsoft Outlook 2002 SP2
• Microsoft Outlook 2002
• Microsoft Outlook XP

References

• BugTraq: 8530
• CVE: CVE-2003-1048