发布时间 :2004-04-11 00:00:00
修订时间 :2016-10-17 23:03:02

[原文]Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size.

[CNNVD]Microsoft Internet Explorer 根据写入BMP的文件的内存大小,而不是实际BMP文件大小分配内存的漏洞(CNNVD-200404-011)

        Microsoft Internet Explorer 5.5和6.0版本根据写入BMP文件的内存大小,而不是实际BMP文件大小分配内存,远程攻击者借助一个有大内存的小BMP文件导致服务拒绝(内存消耗)。

- CVSS (基础分值)

CVSS分值: 2.6 [轻微(LOW)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:ie:6.0Microsoft Internet Explorer 6.0
cpe:/a:microsoft:ie:5.5Microsoft ie 5.5

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20040411 Microsoft Internet Explorer BMP file memory DoS vulnerability

- 漏洞信息

Microsoft Internet Explorer 根据写入BMP的文件的内存大小,而不是实际BMP文件大小分配内存的漏洞
低危 未知
2004-04-11 00:00:00 2005-10-20 00:00:00
        Microsoft Internet Explorer 5.5和6.0版本根据写入BMP文件的内存大小,而不是实际BMP文件大小分配内存,远程攻击者借助一个有大内存的小BMP文件导致服务拒绝(内存消耗)。

- 公告与补丁


- 漏洞信息

Microsoft IE Crafted BMP Size Setting DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when a crafted bitmap image file is loaded in Internet Explorer. This flaw exist because Internet Explorer checks the image size written in the bitmap and not the actual file size to allocate the necessary memory. It is possible to set a very large number (FFFFFFFF^2) for the bitmap file size that may consume all the available memory.

- 时间线

2004-04-11 Unknow
2004-04-11 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. The vendor reportedly plans to issue a fix as part of a subsequent Service Pack release.

- 相关参考

- 漏洞作者