26th Sep 2002 [SBWID-5323]
COMMAND
IE remote buffer overflow via XBM graphics
SYSTEMS AFFECTED
IE 6.0
PROBLEM
Adam Baszczyk [http://www.mykakee.com] [http://www.sztolnia.pl] says:
Internet Explorer [only 6.0] allows the usage of XBM graphic files and
tries to display them whenever they're used in any HTML file [as IMG
tag] or when attached to an e-mail.
The XBM structure is very easy: it is a text file with C-like syntax and
looks, for example, like this:
#define picture_width ?? // picture width
#define picture_height ?? // picture height
static unsigned char picture_bits[] = { //hex picture data
};
IE doesn't properly check the content of XBM files, and you may force
the browser/e-mail client to hang, which will end in its silent
exit because of the Access Violation exception [as shown with the great
help of windbg, it is generated inside mshtml.dll].
IE doesn't check the width and height of the image, so you may write
whatever you want and IE will try to interpret it, trying to allocate
enough memory for an oversized buffer.
When previewed, e.g. in Outlook Express, a malformed e-mail may force
this client to exit (and others that rely on IE).
For an example of such a malformed e-mail, download one from my homepage
and try to open it by clicking it in Windows Explorer.
http://www.sztolnia.pl/hack/xbmbug/xbmbug.eml
Don't forget to run OE first :)
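An added example, not part of the original report and not IE's code: the
check the report describes as missing, where a parser validates the declared
width and height against a cap and against the data actually present before
allocating a pixel buffer. The 4096-pixel cap, the function names and the
sample files are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define XBM_MAX_DIM 4096UL /* assumed policy cap, not a value from the advisory */

enum xbm_status { XBM_OK, XBM_NO_HEADER, XBM_BAD_DIM, XBM_SHORT_DATA };

/* Constructed samples (not the advisory's xbmbug.eml). */
static const char XBM_GOOD[] =
    "#define pic_width 16\n#define pic_height 2\n"
    "static unsigned char pic_bits[] = { 0x01, 0x02, 0x03, 0x04 };\n";
static const char XBM_HUGE[] =
    "#define pic_width 2000000000\n#define pic_height 2000000000\n"
    "static unsigned char pic_bits[] = { 0x00 };\n";

/* Parse the decimal number after the first "<suffix>" in text; -1 if absent. */
static int xbm_dim(const char *text, const char *suffix, unsigned long *out)
{
    const char *p = strstr(text, suffix);
    char *end;
    if (p == NULL)
        return -1;
    p += strlen(suffix);
    *out = strtoul(p, &end, 10); /* out-of-range input saturates to ULONG_MAX */
    return end == p ? -1 : 0;
}

/* Check declared size against the cap and the bytes present, pre-allocation. */
enum xbm_status xbm_validate(const char *text, size_t *need)
{
    unsigned long w, h;
    size_t have = 0;
    const char *p = strchr(text, '{');

    if (xbm_dim(text, "_width", &w) || xbm_dim(text, "_height", &h))
        return XBM_NO_HEADER;
    if (w == 0 || h == 0 || w > XBM_MAX_DIM || h > XBM_MAX_DIM)
        return XBM_BAD_DIM;
    *need = (size_t)((w + 7) / 8) * (size_t)h; /* <= 512 * 4096, no overflow */
    for (; p != NULL && *p != '\0' && *p != '}'; p++)
        if (p[0] == '0' && (p[1] == 'x' || p[1] == 'X'))
            have++; /* one "0x.." token is one byte of pixel data */
    return have < *need ? XBM_SHORT_DATA : XBM_OK;
}

int main(void)
{
    size_t n = 0;
    return !(xbm_validate(XBM_GOOD, &n) == XBM_OK && n == 4 &&
             xbm_validate(XBM_HUGE, &n) == XBM_BAD_DIM);
}
```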
SOLUTION
??