MS06-022: buffer overflow in ART image rendering library

Published: 2006-06-13
Last Updated: 2006-06-13 17:56:17 UTC
by Swa Frantzen (Version: 1)
0 comment(s)
MS06-022 - KB 918439

ART is an image file format (yep, image formats are still popular reasearch topics for hackers it seems). The format is used by AOL.

The impact of this is that users logged in with administrative rights can be exploited with remote code execution.

Microsoft rates this vulnerability as critical.

The patch removes support for ART image files from MSIE, as such they will not be rendered any longer.

It's interesting to note that the image library is an optional install on windows 2000.

Workarounds:
  • Do not login as administrator or with an account with administative rights, it's dangerous.
  • Consider switching to an alternative browser, they work really well and it makes the lives of the hackers harder is not all of us use the same browser with the same vulnerabilities.

--
Swa Frantzen -- section 66


Keywords:
0 comment(s)

Comments


Diary Archives