MS04-025 - More details on vulnerabilities
This update from the Internet Storm Center provides more details on the vulnerabilities corrected by the MS04-025 security update.
Microsoft Releases a Critical Patch for Internet Explorer
Today Microsoft released a patch to Internet Explorer that addresses critical vulnerabilities that may allow malicious sites to run arbitrary code on unpatched systems. These vulnerabilities have been known for some time. One of them was being actively exploited by the Scob/Ject attack that we described in:
Considering the severity of these vulnerabilities, we recommend installing this patch as soon as possible, and hope that you have a chance to consider this security bulletin before heading home for the weekend:
The following breakdown of the vulnerabilities addressed by this security update is based on CVE database entries:
CAN-2004-0566: Integer signedness error in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
CAN-2003-1048: mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code due to a malformed GIF image that triggers a buffer overflow.
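The class of flaw named in CAN-2004-0566, shown as an added illustration that is not Microsoft's imgbmp.cxx code and not part of the original diary: a bounds check on bfOffBits done through a signed integer, beside the unsigned form that rejects a large value. The function names and the 64-byte sample file are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BMP_FILE_HDR_LEN 14u /* on-disk size of BITMAPFILEHEADER */

/* Read a little-endian 32-bit field regardless of host byte order. */
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Constructed 64-byte sample: "BM" magic plus a chosen bfOffBits (offset 10). */
void make_sample(unsigned char out[64], uint32_t offbits) {
    memset(out, 0, 64);
    out[0] = 'B'; out[1] = 'M';
    for (int i = 0; i < 4; i++) out[10 + i] = (unsigned char)(offbits >> (8 * i));
}

/* Flawed pattern (illustrative): the offset is held in a signed int, so
 * values of 0x80000000 and above turn negative and pass the upper bound. */
int offbits_ok_signed(const unsigned char *file, size_t len) {
    if (len < BMP_FILE_HDR_LEN) return 0;
    int32_t off = (int32_t)le32(file + 10);
    return off <= (int32_t)len;
}

/* Hardened pattern: keep the field unsigned and check both bounds. */
int offbits_ok_unsigned(const unsigned char *file, size_t len) {
    if (len < BMP_FILE_HDR_LEN || file[0] != 'B' || file[1] != 'M') return 0;
    uint32_t off = le32(file + 10);
    return off >= BMP_FILE_HDR_LEN && off <= len;
}

int main(void) {
    unsigned char f[64];
    make_sample(f, 0xFFFFFF00u); /* large bfOffBits */
    printf("signed check accepts: %d, unsigned check accepts: %d\n",
           offbits_ok_signed(f, sizeof f), offbits_ok_unsigned(f, sizeof f));
    return 0;
}
```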