SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   NetObjects Fusion Vendors:   Website Pros
(Website Pros Issues Fix for NetObjects Fusion) Microsoft GDI+ Buffer Overflow in Processing JPEG Images Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011971
SecurityTracker URL:  http://securitytracker.com/id/1011971
CVE Reference:   CVE-2004-0200   (Links to External Site)
Date:  Oct 28 2004
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.x, prior to 8.00.0000.5030
Description:   A buffer overflow vulnerability in the processing of JPEG image formats was reported in the GDI+ code in several Microsoft operating systems and applications. A remote user can execute arbitrary code on the target system. NetObjects Fusion is affected.

Microsoft reported that a remote user can create a specially crafted JPEG image that, when processed by an affected component, will execute arbitrary code on the target system. The code will run with the privileges of the calling application.

Windows XP, Windows XP Service Pack 1, and Windows Server 2003 are vulnerable by default, but other operating systems may be affected if certain vulnerable components have been installed, such as Microsoft .NET Framework and various 3rd party applications.

Affected applications include Office XP (Outlook, Word, Excel, PowerPoint, FrontPage, Publisher), Office 2003 (Outlook, Word, Excel, PowerPoint, FrontPage, Publisher, InfoPath, OneNote), Microsoft Project, Microsoft Visio, Microsoft Visual Studio .NET (Visual Basic .NET Standard, Visual C# .NET Standard, Visual C++ .NET Standard, Visual J# .NET Standard), Microsoft .NET Framework, Microsoft Picture It!, Microsoft Greetings, Microsoft Digital Image Pro, Microsoft Digital Image Suite, Microsoft Producer for Microsoft Office PowerPoint, Microsoft Platform SDK Redistributable: GDI+, and Internet Explorer 6.

Microsoft credits Nick DeBaggis with reporting this flaw.

The original advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

Impact:   A remote user can execute arbitrary code on the target system with the privileges of the target user or process.
Solution:   Website Pros has issued a fixed version (8.00.0000.5030) of NetObjects Fusion, which is affected by this vulnerability, available at:

http://netobjects.com/update/installer/v_0000/NOF8_Update2.exe

Vendor URL:  www.netobjects.com/support/html/produpnfnof8.html (Links to External Site)
Cause:   Boundary error

Message History:   This archive entry is a follow-up to the message listed below.
Sep 14 2004 Microsoft GDI+ Buffer Overflow in Processing JPEG Images Lets Remote Users Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC