Microsoft Windows CE Pocket Internet Explorer PNG Denial of Service Vulnerability
TITLE: Microsoft Windows CE Pocket Internet Explorer PNG Denial of Service Vulnerability
CLASS: Unknown
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: May 27 2005 12:00AM
UPDATE: May 27 2005 12:00AM
CREDIT: The vendor disclosed this issue.Ollie Whitehouse is credited with reporting this issue as a security vulnerability.
VULNERABLE:
Microsoft Windows CE 4.2NOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
Windows CE Pocket Internet Explorer is vulnerable to a denial-of-service vulnerability.
An attacker can exploit this issue to cause and exception which may crash the browser.
Windows CE 4.2 is vulnerable; other versions may also be affected.
Exploit
To exploit this issue, an attacker must entice an unsuspecting user to open a webpage containing a specially crafted PNG file.
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com
Solution
Solution:
The vendor recognizes this issue as a bug and has released a fix. Please see the references section for further information.
References
References:
- FIX: An exception may occur when Pocket Internet Explorer loads PNG format image (Microsoft)
- KB837392 - How to locate core operating system fixes for Microsoft Windows CE Pl (Microsoft)
- Microsoft Windows CE Homepage (Microsoft)
- The Elephant Under the Carpet (and when I say "carpet" I mean PDA) (Ollie Whitehouse)