Microsoft flaws go from bad to verse

A flaw in some Microsoft software has moved a security expert to try his hand at poetry.

Engineers at eEye Digital Security spotted two separate vulnerabilities relating to the interpretation of Portable Network Graphics (PNG) image data.

They passed the information on to Microsoft, which has issued an advisory.

The highly complex vulnerabilities, one of which can be exploited to execute code when the malicious PNG image is viewed, moved eEye Digital's software engineer Derek Soeder to pen this festive verse, using the glitches as his muse.

'Twas the night before Christmas, and deep in IE
A creature was stirring, a vulnerability
MS02-066 was posted on the website with care
In hopes that Team eEye would not see it there

But the engineers weren't nestled all snug in their beds,
No, PNG images danced in their heads
And Riley at his computer, with Drew's and my backing
Had just settled down for a little PNG cracking

The poem and details of the exploit can be found here.

A security bulletin dealing with the flaw can be found here.

The fault can be fixed by applying Internet Explorer Service Pack 1.