https://www.exploit-db.com/exploits/25991
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-090

MicrosoftInternetExplorer是非常流行的WEB浏览器。MicrosoftInternetExplorer浏览器所使用的JPEG图形渲染库中存在缓冲区溢出漏洞，成功的攻击可以导致执行任意代码。起因是拷贝操作之前没有执行正确的边界检查。攻击者可以通过创建随机的浏览器输入来利用这个漏洞。

source: http://www.securityfocus.com/bid/14282/info

Microsoft Internet Explorer is prone to a buffer overflow vulnerability in the JPEG image rendering library used by the browser. This issue is due to a failure of the application to properly bounds check input data prior to copying it to a fixed size memory buffer.

This issue was identified by creating random input for the browser, and has not been researched further at this time. This BID will be updated as further information is disclosed.

Successful exploitation may result in execution of arbitrary code in the context of the user executing the affected browser. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/25991.jpg

来源:US-CERT
名称:TA05-221A
链接:http://www.us-cert.gov/cas/techalerts/TA05-221A.html
来源:US-CERT
名称:VU#965206
链接:http://www.kb.cert.org/vuls/id/965206
来源:MS
名称:MS05-038
链接:http://www.microsoft.com/technet/Security/bulletin/ms05-038.mspx
来源:SECUNIA
名称:16373
链接:http://secunia.com/advisories/16373/
来源:VUPEN
名称:ADV-2005-1353
链接:http://www.frsirt.com/english/advisories/2005/1353
来源:
来源:USGovernmentResource:oval:org.mitre.oval:def:390
名称:oval:org.mitre.oval:def:390
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:390
来源:USGovernment
名称:oval:org.mitre.oval:def:1335
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1335
来源:USGovernment
名称:oval:org.mitre.oval:def:1216
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1216
来源:USGovernment
名称:oval:org.mitre.oval:def:1140
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1140