HTTP: Microsoft Internet Explorer Malformed GIF File Denial of Service
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can result in a denial-of-service condition. This is an old issue and current versions of the browser are immune to it.
Extended Description
Microsoft Internet Explorer is reported prone to a double free memory corruption vulnerability when processing a malformed GIF image file. This vulnerability may potentially be exploited to execute arbitrary code in the context of the currently logged in user. Exploitation attempts could also cause a denial of service. To exploit this issue, an attacker could create a malicious GIF file and entice a user to view the file through Internet Explorer. Other applications that support the GIF format may also be affected, though this has not been confirmed. An attacker could exploit this issue through various means, such as enticing a user to visit a Web page that references the malicious file or through HTML email.
Affected Products
Microsoft internet_explorer
Short Name
HTTP:STC:IE:MAL-GIF-DOS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2003-1048 Denial Explorer File GIF Internet Malformed Microsoft Service bid:8530 of
Release Date
12/18/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Microsoft
CVSS Score
10.0