ZDNet UK



IE and MSN Messenger open door for attackers

Munir Kotadia, ZDNet Australia

Published: 18 Jul 2005 09:55 BST


Microsoft's Internet Explorer (IE) and MSN Messenger programs contain a security vulnerability that attackers could use to crash the programs, and possibly execute arbitrary code on a victim's system, when the victim views a specially crafted image file.

SecurityFocus, a specialist security Web site, published an advisory on Saturday describing a vulnerability in the way the IE and MSN Messenger clients handle International Color Consortium (ICC) profiles. ICC is an international colour management system that allows the same colours to be described in a number of operating systems and applications.

According to the advisory, "both Microsoft Internet Explorer and MSN Instant Messenger can be crashed if image data with malformed embedded ICC profile data is processed. The condition is likely due to an integer handling error."

But according to iDefense, another security company, the flaws were patched last Tuesday.

A spokesperson from Sydney-based security specialists Pure Hacking said that if a vulnerable user opens a specially crafted image file, they could allow arbitrary code to be executed on their computer.

"If MSN Messenger or IE opened an image, according to this advisory, it would be possible to at least crash it — it would have to be a malformed image and designed to do that," the spokesperson said.

Additionally, the vulnerability could be used to spread a worm: "If it all holds true, it may be possible to create a worm to take advantage of the vulnerability — but only if it is possible to execute code [on the vulnerable system] — which, at this stage, hasn't been done — there hasn't been a proof of concept, yet," the spokesperson said.

Last October, Microsoft released a patch to fix a similar vulnerability that affected Windows and a number of its other applications. At the time, experts said the potential for attack was "very high".

Munir Kotadia reported from Sydney for ZDNet Australia.
