VULHUB ™

A heap corruption vulnerability has been reported for Microsoft Internet Explorer. The vulnerability is related to the way that Microsoft Internet Explorer interprets PNG image data. The function that handles the deflation of PNG images does not properly handle some invalid data within PNG image files. An attacker can exploit this vulnerability by tricking a user into viewing a maliciously constructed PNG image file. When the image file is rendered it will trigger the heap corruption condition and overwrite critical areas in memory. Any malicious attacker-supplied code will be executed with elevated privileges. It should be noted that applications which depend on MSIE to render PNG files are also affected.

A heap corruption vulnerability has been reported for Microsoft Internet Explorer. The vulnerability is related to the way that Microsoft Internet Explorer interprets PNG image data. The function that handles the deflation of PNG images does not properly handle some invalid data within PNG image files. An attacker can exploit this vulnerability by tricking a user into viewing a maliciously constructed PNG image file. When the image file is rendered it will trigger the heap corruption condition and overwrite critical areas in memory. Any malicious attacker-supplied code will be executed with elevated privileges. It should be noted that applications which depend on MSIE to render PNG files are also affected.