Bulletin Summary - February 15, 2006

MS06-004
Cumulative Security Update for Internet Explorer (910620)
http://www.microsoft.com/technet/security/bulletin/MS06-004.mspx

Microsoft Severity Rating: Critical

Description
Only one vulnerability was announced as patched in this month's Internet Explorer cumulative patch (CVE-2006-0020). Similar to other recent updates for Internet Explorer, this is an image processing flaw that allows for remote code execution. The flavor of the month image is Windows Metafile (WMF). By falsely reporting the size of a WMF image, a specially-crafted WMF file could then have a larger-than-reported size, resulting in a buffer overflow from the WMF parsing code.

Attack vectors for this vulnerability include hosting a maliciously formed WMF file on a website, or sending a maliciously formed WMF file as an email attachment. Both methods will require some sort of user intervention, and both result in an elevation of privileges to the privileges of the user. This could be used as an attack vector for spyware and other malware.

This issue reportedly only affects Internet Explorer 5.01 on Windows 2000. It is speculated that this issue also affects older operating systems and older versions of Internet Explorer as well, but since these versions are no longer supported by Microsoft they are ommitted from the bulletin.

Recommendations
Although there is no published exploit of the flaw, there are some intricate details posted to mailing lists about the flaw itself. Because details of the flaw have been released, chances of this flaw being used in an attack increase, and eEye Digital Security highly recommends testing and installing this patch as soon as possible. If older, unsupported versions of Windows and Internet Explorer are later determined to be vulnerable, it is recommended that host-based intrusion preventions software be applied to systems running these versions.

Protect Your Assets