Intrusion Prevention

MS.Windows.GRE.BMP.File.Parsing.Integer.Overflow

Description

This indicates an attempt to exploit a buffer overflow vulnerability in Mozilla-based browsers.
The vulnerability is in the bitmap decoder of certain versions of Mozilla-based browsers. The affected decoder is invoked whenever the application displays a BMP image. Because the decoder places no limit on the width or height of the image, a malformed image can cause a buffer overflow condition in the application.
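
The missing limit described above can be illustrated with a header check that a BMP decoder could run before allocating its pixel buffer. This is an added example, not code from Mozilla or from this signature; the names bmp_checked_size and bmp_demo and the BMP_MAX_DIM cap are assumptions, and the field offsets are those of the standard BITMAPFILEHEADER followed by BITMAPINFOHEADER.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BMP_MAX_DIM 16384 /* assumed policy cap, not taken from the advisory */

static uint32_t rd32(const uint8_t *p) { /* little-endian 32-bit read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the pixel-buffer size in bytes, or 0 if the header is rejected. */
size_t bmp_checked_size(const uint8_t *buf, size_t len) {
    if (len < 30 || buf[0] != 'B' || buf[1] != 'M')
        return 0;
    int64_t w = (int32_t)rd32(buf + 18);   /* biWidth */
    int64_t h = (int32_t)rd32(buf + 22);   /* biHeight, negative = top-down */
    uint32_t bpp = (uint32_t)buf[28] | (uint32_t)buf[29] << 8; /* biBitCount */

    if (h < 0) h = -h;                     /* safe: already widened to 64 bits */
    if (w <= 0 || h == 0 || w > BMP_MAX_DIM || h > BMP_MAX_DIM)
        return 0;                          /* the limit the decoder lacked */
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return 0;

    /* Rows are padded to 4 bytes; compute in 64 bits so nothing wraps. */
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4;
    uint64_t total = stride * (uint64_t)h;
    return total > SIZE_MAX ? 0 : (size_t)total;
}

/* Constructed sample: build a minimal 30-byte header prefix and check it. */
size_t bmp_demo(int32_t w, int32_t h, uint16_t bpp) {
    uint8_t hdr[30];
    memset(hdr, 0, sizeof hdr);
    hdr[0] = 'B'; hdr[1] = 'M';
    for (int i = 0; i < 4; i++) {
        hdr[18 + i] = (uint8_t)((uint32_t)w >> (8 * i));
        hdr[22 + i] = (uint8_t)((uint32_t)h >> (8 * i));
    }
    hdr[28] = (uint8_t)bpp; hdr[29] = (uint8_t)(bpp >> 8);
    return bmp_checked_size(hdr, sizeof hdr);
}
```

A decoder using such a check allocates only the returned size and refuses the image when the result is 0.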

Affected Products

Mozilla Firefox 0.9.3 and prior.
Mozilla 1.7.2 and prior.
Mozilla Thunderbird 0.7.3 and prior.

Impact

System Compromise: Remote attackers can execute arbitrary code on vulnerable systems.

Recommended Actions

Apply the appropriate patches or upgrade the software to the latest non-vulnerable version.

CVE References

CVE-2004-0904