Computer vulnerability note CVE-2006-2378

Windows, IE: code execution via an AOL ART image

Synthesis of the vulnerability

An attacker can create a malicious ART image leading to code execution.
Impacted systems: IE, Windows 2000, Windows 2003, Windows 98, Windows ME, Windows XP.
Severity of this alert: 4/4.
Consequences of an intrusion: user access/rights.
Attacker's origin: document.
Creation date: 14/06/2006.
References of this alert: 918439, BID-18394, CVE-2006-2378, iDefense Security Advisory 06.13.06, MS06-022, VIGILANCE-VUL-5909, VU#923236.

Description of the vulnerability

The ART image format, developed by AOL, is implemented in the Windows DLLs jgdw400.dll and jgpl400.dll.

An attacker can create an ART image that corrupts memory when it is rendered. This memory corruption leads to code execution with a probability of 75%.

An attacker can therefore invite the user to visit a website, or send the user an email, containing this image. Malicious code can then be executed on the user's computer.