HTTP: JPEG Underrun
This anomaly triggers when a malformed JPEG file is detected with a marker header size of 0 or 1. Microsoft Internet Explorer is vulnerable. Attackers can craft a malicious JPEG file that, when viewed in an IE Web browser, enables attackers to remotely execute arbitrary code, with user privileges on the IE user's computer or create a denial-of-service condition.
Extended Description
Microsoft (Graphics Device Interface) GDI+ JPEG handler is reported prone to an integer underflow vulnerability when handling JPEG format images. This issue presents itself due to a lack of sufficient sanity checks performed on certain JPEG data before this data employed as a bounds value for a memory copy operation. A specially crafted JPEG image may trigger this vulnerability and result in the execution of arbitrary attacker-supplied code. Code execution would occur in the context of the user who is running the vulnerable software. **Update: This issue is similar in nature to BID 1503, discovered by Solar Designer. ** An exploit that opens a command shell on the local vulnerable system as soon as the image is viewed has been released. Symantec has confirmed that this exploit code is functional. It is important to note that this exploit could potentially be modified to execute other code on the system. Administrators should remain vigilant and patch all vulnerable systems.
Affected Products
Avaya s3400_message_application_server,Microsoft outlook_2002
Short Name
HTTP:STC:IMG:JPEG-UNDERRUN
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2004-0200 CVE-2017-16392 JPEG MS04-028 Underrun bid:11173
Release Date
11/07/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Business_objects
Microsoft
Avaya
CVSS Score
9.3