Microsoft GDI+ ICO File Divide By Zero Bug Lets Remote Users Deny Service
SecurityTracker Alert ID: 1018202
SecurityTracker URL: http://securitytracker.com/id/1018202
Date: Jun 7 2007
Denial of service via network
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): XP, XP SP1, XP SP2
A vulnerability was reported in Microsoft GDI+. A remote user can cause denial of service conditions.
A remote user can create a specially crafted '.ico' file that, when processed by the target user, will trigger a divide by zero error and cause the target application to crash.
An ICO file with a specially crafted InfoHeader Height value viewed or previewed via Windows Explorer or Windows Picture and Fax Viewer can trigger a crash.
Version 5.1.3102.2180 of 'GdiPlus.dll' is affected.
Windows Vista is not affected.
The vendor was notified on May 3, 2007.
The original advisory is available at:
Peter Kruse of CSIS Security Group reported this vulnerability. CSIS Security Group discovered this vulnerability.
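A triage check for the InfoHeader Height field described above, added here as an example and not taken from the advisory or from Microsoft's code. The advisory does not say which Height value triggers the fault, so the rules used (flag zero or negative InfoHeader fields, and a Height that is not twice the directory height) are assumptions; `check_ico` and `sample_ico` are hypothetical names and the sample bytes are constructed.

```python
import struct

ICONDIR = struct.Struct("<HHH")            # reserved, type (1 = icon), image count
ICONDIRENTRY = struct.Struct("<BBBBHHII")  # w, h, colours, reserved, planes, bpp, size, offset
INFOHEADER = struct.Struct("<IiiHH")       # biSize, biWidth, biHeight, biPlanes, biBitCount
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def check_ico(data: bytes) -> list:
    """Return findings for one ICO file; an empty list means nothing was flagged."""
    if len(data) < ICONDIR.size:
        return ["truncated ICONDIR"]
    reserved, kind, count = ICONDIR.unpack_from(data, 0)
    if reserved != 0 or kind != 1:
        return ["not an ICO file"]
    findings = []
    for i in range(count):
        pos = ICONDIR.size + i * ICONDIRENTRY.size
        if pos + ICONDIRENTRY.size > len(data):
            findings.append(f"entry {i}: truncated directory entry")
            break
        _, dir_h, _, _, _, _, _, offset = ICONDIRENTRY.unpack_from(data, pos)
        if data[offset:offset + 8] == PNG_MAGIC:
            continue  # PNG-encoded image carries no InfoHeader
        if offset + INFOHEADER.size > len(data):
            findings.append(f"entry {i}: InfoHeader outside file")
            continue
        _, bi_w, bi_h, _, bpp = INFOHEADER.unpack_from(data, offset)
        dir_h = dir_h or 256  # a directory byte of 0 encodes 256 pixels
        if bi_w <= 0 or bi_h <= 0 or bpp == 0:
            findings.append(f"entry {i}: zero or negative InfoHeader field "
                            f"(width={bi_w}, height={bi_h}, bpp={bpp})")
        elif bi_h != 2 * dir_h:  # ICO stores XOR + AND masks, so Height is doubled
            findings.append(f"entry {i}: InfoHeader Height {bi_h} does not match "
                            f"directory height {dir_h}")
    return findings


def sample_ico(bi_height: int) -> bytes:
    """Constructed header-only sample: one 16x16, 32-bit entry, no pixel data."""
    entry = ICONDIRENTRY.pack(16, 16, 0, 0, 1, 32, 40, ICONDIR.size + ICONDIRENTRY.size)
    header = struct.pack("<IiiHHIIiiII", 40, 16, bi_height, 1, 32, 0, 0, 0, 0, 0, 0)
    return ICONDIR.pack(0, 1, 1) + entry + header


if __name__ == "__main__":
    for h in (32, 0, 7):
        print(h, check_ico(sample_ico(h)))
```

Run over mail attachments or file shares, a check like this lets inconsistent icons be quarantined before Explorer or Windows Picture and Fax Viewer previews them.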
A remote user can create a file that, when processed by the target user, will cause the target application to crash.
No solution was available at the time of this entry.
Microsoft plans to issue a fix in the next service pack.
Vendor URL: www.microsoft.com/
Source Message Contents
Subject: Integer division by zero flaw in Microsoft GDI+
Integer division by zero flaw in Microsoft GDI+
CSIS Security Group has discovered an "Integer division by zero" flaw in
the GDI+ component affecting all versions of Microsoft Windows XP. This
condition is activated when a malformed ICO file is viewed through
either Windows Explorer or other components like "Windows Picture and
Fax Viewer". The flaw triggers by preview; it's not necessary to click
the specially crafted .ico file.
The consequence of this flaw is a Denial of Service condition and doing
a restart of the explorer process.
Further exploitation has not been verified.
Microsoft has acknowledged the issue and will provide a fix with the next
service pack. Since this is a long timeframe for a security fix, we have
decided to release this advisory before a fix is available.
The full advisory can be downloaded at the following link:
Kind Regards
Security- and virusanalyst
CSIS Security Group
Vestergade 14 * 8660 Skanderborg
Tel.: +45 8813 6030 * Mobile: +45 2849 0532
Fax: +45 2817 6030 * Email: firstname.lastname@example.org
Fingerprint: F3D3 A074 5217 BDD1 C7EB
72C8 710B 0E8B 790B 1ED6