Microsoft GDI Buffer Overflow in Processing EMF and WMF Files Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1019798
|
|
SecurityTracker URL: http://securitytracker.com/id?1019798
|
|
CVE Reference: CVE-2008-1083
, CVE-2008-1087
(Links to External Site)
|
Date: Apr 8 2008
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Microsoft Security Bulletin
|
Version(s): 2000 SP4, 2003 SP2, XP SP2, Vista SP1, 2008; and prior service packs
|
Description: Two vulnerabilities were reported in Microsoft GDI. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted EMF or WMF image file that, when loaded by the target user, will trigger a buffer overflow
and execute arbitrary code on the target system. The code will run with the privileges of the target user.
A specially crafted
EMF or WMF image file can trigger a heap overflow in performing integer calculations [CVE-2008-1083].
An EMF file with specially
crafted filename parameters can trigger a stack overflow [CVE-2008-1087].
Jun Mao of iDefense Labs, Sebastian Apelt of Zero Day
Initiative, Thomas Garnier of SkyRecon, and Yamata Li reported these vulnerabilities.
|
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution: The vendor has issued the following fixes.
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=caac000a-22b6-48cb-aa00-1a
0bfe886de2
Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=c2763dd8-a03e-4a48-aa86-a7ec00250a7a
Windows
XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=166f2ab5-913c-47a9-86fe-b8
14797b751e
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=bee91d80-d49a-4d3d-82
d6-d5aa63f54979
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=e3dde44
9-e062-4ce0-a9f4-433bff23e224
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium
based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=7886a802-f2b5-489c-b14b-631f4c4c0742
Windows Vista
and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=9b51deb8-3873-4146-977f-7e3d0840a4c5
Windows
Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=4ad6dcd1-6ea5-43bf-8bee-a5f507beadc6
Window
s Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=006d5c47-53e6-4ee1-932c-497611804938
Windows
Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=8909f144-655b-4f07-916f-fd967f1efb2b
Windows
Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=b7771a4a-4e4f-48d1-8551-bb8b778ca5a7
A
restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-021.mspx (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 8 Apr 2008 14:44:22 -0400
Subject: Microsoft Security Bulletin MS08-021 Critical: Vulnerability in GDI Could Allow Remote Code Execution (948590)
|
http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx
CVE-2008-1083
CVE-2008-1087
|
|
