SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows Kernel Vendors:   Microsoft
Microsoft Windows LoadImage API Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012684
SecurityTracker URL:  http://securitytracker.com/id/1012684
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 24 2004
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): XP SP2 is not affected
Description:   An integer overflow vulnerability was reported in Microsoft Windows in the LoadImage API. A remote user can execute arbitrary code.

VENUSTECH Security Lab reported that a remote user can create a specially crafted image file that, when processed by the target user, will trigger an overflow in the USER32 library LoadImage API and execute arbitrary code. The code will run with the privileges of the target user.

The API does not properly validate the user supplied size field. An image size value of between 0xfffffffc and 0xffffffff can trigger the integer overflow.

The file can be in a bmp, cur, ico, or ani format.

A demonstration exploit is available at:

http://www.xfocus.net/flashsky/icoExp/index.html

Flashsky (fangxing at venustech.com.cn) is credited with discovering this flaw.

Impact:   A remote user can cause arbitrary code to be executed on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/ (Links to External Site)
Cause:   Boundary error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC