Alert

Multiple Vulnerabilities in Systems Running Microsoft Windows

Last Revised
Alert Code
SA04-212A

Systems Affected

  • Microsoft Windows systems; specifically, some versions of the following programs:
    • Microsoft Windows NT
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows 98
    • Microsoft Windows Millennium Edition
    • Microsoft Internet Explorer 5
    • Microsoft Internet Explorer 6

Overview

Microsoft has reported two vulnerabilities in the way Internet Explorer
processes certain types of images. Attackers may be able to gain control
of your machine if you view a malicious image, visit a web page, or open
an email message that contains these images.

Microsoft has also published an update to address the cross-domain
vulnerability discussed in SA04-163A.
This vulnerability may allow an attacker to alter a web site to point to a
different location. If the attacker can convince you to visit the site,
they may be able to gain control of your machine.

Solution

Apply a patch

Microsoft has issued updates that resolve this problem. Obtain the
appropriate update from Windows Update

Use caution with email attachments

Never open unexpected email attachments. Before opening an attachment,
save it to a disk and scan it with anti-virus software. Make sure to
turn off the option to automatically download attachments.

View email messages in plain text

Email programs like Outlook and Outlook Express interpret HTML code
the same way that Internet Explorer does. Attackers may be able to
take advantage of that by sending malicious HTML-formatted email
messages.

Maintain updated anti-virus software

It is important that you use anti-virus software and keep it up to
date. Most anti-virus software vendors frequently release updated
information, tools, or virus databases to help detect and recover from
virus infections. Many anti-virus packages support automatic updates
of virus definitions. US-CERT recommends using these automatic updates
when possible.

Description

In Microsoft
Security Bulletin MS04-025
, Microsoft describes a critical
vulnerability in the way Internet Explorer processes .GIF and .BMP
images. An attacker can use malicious images on a web page or in
HTML-formatted email messages. If the attacker can convince a user to
visit the web page, open the message, or otherwise view the image, the
attacker may be able to gain control of the user's machine.

There is also a vulnerability in the way Internet Explorer processes
scripts. An attacker may be able to take advantage of frames to
redirect users to a malicious web site.

More technical information about this issue is available in TA04-212A
and Microsoft
Security Bulletin MS04-025
.


References


Author: Mindi McDowell. Feedback can be directed to the US-CERT
Technical Staff.

Copyright 2004 Carnegie Mellon University.
Terms of use

Revision History

  • July 30, 2004: Initial release

Last updated

This product is provided subject to this Notification and this Privacy & Use policy.