Microsoft Internet Explorer Malformed GIF Double Free Code Execution Vulnerability

Microsoft Internet Explorer is reported prone to a double free memory corruption vulnerability when processing a malformed GIF image file. This vulnerability may potentially be exploited to execute arbitrary code in the context of the currently logged in user. Exploitation attempts could also cause a denial of service.

To exploit this issue, an attacker could create a malicious GIF file and entice a user to view the file through Internet Explorer. Other applications that support the GIF format may also be affected, though this has not been confirmed.

An attacker could exploit this issue through various means, such as enticing a user to visit a Web page that references the malicious file or through HTML email.


Privacy Statement
Copyright 2010, SecurityFocus