Malformed Windows Metafiles Could Allow Arbitrary Code Execution

A new Windows metafile vulnerability was discovered in Microsoft Internet Explorer (IE). The vulnerability is caused by incorrect processing of image headers and could be exploited by remote intruders executing arbitrary code in the context of the currently logged-on user. The problem affects Windows 2000 with Service Pack 4 (SP4) and Windows Me. Systems that have IE 6.0 SP1 installed aren't affected. Microsoft issued an advisory"Vulnerability in Internet Explorer Could Allow Remote Code Execution,"that recommends installing IE 6.0 SP1.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.