=====================================================================
                           CERT-Renater

                 Information Note No. 2006/VULN332
_____________________________________________________________________

DATE                 : 14/06/2006

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows.

======================================================================

MS06-022 - Vulnerability in ART Image Rendering Could Allow Remote
Code Execution (918439)

Affected Software:

- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003
  Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and
  Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
  Microsoft Windows Millennium Edition (Me)

Affected Components:

- Windows 2000 with the Windows 2000 AOL Image Support Update
  installed
- Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000
  Service Pack 4
- Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000
  Service Pack 4

Full MS06-022 advisory:
http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx

Vulnerability Details

ART Image Rendering Vulnerability - CVE-2006-2378

There is a remote code execution vulnerability in the way that Windows
handles ART images. An attacker could exploit the vulnerability by
constructing a specially crafted ART image that could potentially
allow remote code execution if a user visited a Web site or viewed a
specially crafted e-mail message. An attacker who successfully
exploited this vulnerability could take complete control of an
affected system.
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================