
SANS ISC: MS06-022: buffer overflow in ART image rendering library - SANS Internet Storm Center SANS ISC InfoSec Forums


MS06-022: buffer overflow in ART image rendering library
MS06-022 - KB 918439

ART is an image file format (yep, image formats are still popular research topics for hackers, it seems). The format is used by AOL.

The impact of this is that users logged in with administrative rights can be exploited with remote code execution.

Microsoft rates this vulnerability as critical.

The patch removes support for ART image files from MSIE, so they will no longer be rendered.

It's interesting to note that the image library is an optional install on Windows 2000.

Workarounds:
  • Do not log in as administrator or with an account with administrative rights; it's dangerous.
  • Consider switching to an alternative browser. They work really well, and it makes the lives of the hackers harder if not all of us use the same browser with the same vulnerabilities.

--
Swa Frantzen -- section 66

