IE, MSN Messenger vulnerable to image attack

SecurityFocus, a specialist security Web site, published an advisory on Saturday describing a vulnerability in the way Microsoft's IE browser and its MSN Messenger client handles International Colour Consortium (ICC) Profiles. ICC is an international colour management system that allows the same colours to be described in a number of operating systems and applications.

According to the advisory: "Both Microsoft Internet Explorer and MSN Instant Messenger can be crashed if image data with malformed embedded ICC profile data is processed. The condition is likely due to an integer handling error."

A spokesperson from Sydney-based security specialists Pure Hacking, said that if a vulnerable user opens a specially crafted image file, they could allow arbitrary code to be executed on their computer.

"If MSN Messenger or IE opened an image, according to this advisory, it would be possible to at least crash it -- it would have to be a malformed image and designed to do that," the spokesperson said.

Additionally, the vulnerability could be used to spread a worm: "If it all holds true, it may be possible to create a worm to take advantage of the vulnerability - but only if it is possible to execute code [on the vulnerable system] -- which, at this stage, hasn't be done -- there hasn't been a proof of concept, yet," the spokesperson said.

Last October, Microsoft released a patch to fix a similar vulnerability that affected Windows and a number of its other applications. At the time, experts said the potential for attack was "very high".