CVE-2008-0078

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5.01, 6 SP1, 6 SP2, and 7

Description The issue allows remote attackers to execute arbitrary code via a crafted image. A remote code execution vulnerability exists in the way Internet Explorer handles argument validation in image processing. An attacker could exploit the vulnerability by constructing a specially crafted Web page, which could allow remote code execution when a user views the Web page. An attacker who successfully exploited this issue could gain the same user rights as the logged on user.

Recommendations For Microsoft Internet Explorer version 5.01, update to a newer version to mitigate the risk. For Microsoft Internet Explorer version 6 SP1, update to a newer version to mitigate the risk. For Microsoft Internet Explorer version 6 SP2, update to a newer version to mitigate the risk. For Microsoft Internet Explorer version 7, update to a newer version to mitigate the risk.