Nemesis11
Power Member
Impact: A remote user can cause arbitrary code to be executed on the target user's computer when the target user's browser loads a specially crafted bitmap file. The code will run with the privileges of the target user.
Solution: No solution was available at the time of this entry.
The author states that this flaw was found by reviewing the recently leaked Microsoft Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.
http://www.securitytracker.com/alerts/2004/Feb/1009067.html