Signature Detail
Short Name |
HTTP:STC:IE:MAL-JPEG |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Explorer Malformed JPEG File |
Release Date |
2010/09/22 |
Update Number |
1777 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Internet Explorer Malformed JPEG File
This signature detects attempts to exploit a known vulnerability in Internet Explorer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Extended Description
Microsoft Internet Explorer is prone to an unspecified denial of service vulnerability in the JPEG image rendering library used by the browser. This issue was identified by creating random input for the browser, and has not been researched further at this time. This BID will be updated as further information is disclosed. Successful exploitation results in crashing the affected Web browser. This vulnerability also reportedly consumes excessive CPU resources.
Affected Products
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
References
- BugTraq: 14284
- BugTraq: 14285
- BugTraq: 14286
- CVE: CVE-2005-2340
- CVE: CVE-2005-2308