SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Microsoft GDI+ Vendors:   Microsoft
Microsoft GDI+ ICO File Divide By Zero Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1018202
SecurityTracker URL:  http://securitytracker.com/id/1018202
CVE Reference:   CVE-2007-2237   (Links to External Site)
Date:  Jun 7 2007
Impact:   Denial of service via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): XP, XP SP1, XP SP2
Description:   A vulnerability was reported in Microsoft GDI+. A remote user can cause denial of service conditions.

A remote user can create a specially crafted '.ico' file that, when processed by the target user, will trigger a divide by zero error and cause the target application to crash.

An ICO file with a specially crafted InfoHeader Height value viewed or previewed via Windows Explorer or Windows Picture and Fax Viewer can trigger a crash.

Version 5.1.3102.2180 of 'GdiPlus.dll' is affected.

Windows Vista is not affected.

The vendor was notified on May 3, 2007.

The original advisory is available at:

http://www.csis.dk/dk/forside/GdiPlus.pdf

Peter Kruse of CSIS Security Group reported this vulnerability. CSIS Security Group discovered this vulnerability.

Impact:   A remote user can create a file that, when processed by the target user, will cause the target application to crash.
Solution:   No solution was available at the time of this entry.

Microsoft plans to issue a fix in the next service pack.

Vendor URL:  www.microsoft.com/ (Links to External Site)
Cause:   State error

Message History:   None.


 Source Message Contents

Subject:  Integer division by zero flaw in Microsoft GDI+

Integer division by zero flaw in Microsoft GDI+

CSIS Security Group has discovered an "Integer division by zero" flaw in
the GDI+ component affecting all versions of Microsoft Windows XP. This
condition are activated when a malformed ICO file are viewed through
either Windows Explorer or other components like "Windows Picture and
Fax Viewer". The flaw triggers by preview, it's not neccessary to click
the specially crafted .ico file.

The consequence of this flaw is a Denial of Service condition and doing
a restart of the explorer process.

Further exploitation has not been verified.

Microsoft has acknowledged the issue and will provide a fix with next
servicepack. Since this is a long timeframe for a security fix we have
decided to release this advisory before a fix is available.

The full advisory can be downloaded at the following link: 
http://www.csis.dk/dk/forside/GdiPlus.pdf


Med venlig hilsen // Kind Regards


Peter Kruse
Security- and virusanalyst
CSIS Security Group
http://www.csis.dk

Vestergade 14 * 8660 Skanderborg
Tel.: +45 8813 6030 * Mobile: +45 2849 0532
Fax: +45 2817 6030 * Email: pkr@csis.dk

PGP-ID: 0x790B1ED6
Fingerprint: F3D3 A074 5217 BDD1 C7EB
72C8 710B 0E8B 790B 1ED6

---
The information contained in this email may be confidential and/or
legally privileged. It has been sent for the sole use of the intended
recipient(s). If the reader of this message is not an intended
recipient, you are hereby notified that any unauthorized review, use,
disclosure, dissemination, distribution, or copying of this
communication, or any of its contents, is strictly prohibited. If you
have received this communication in error, please contact CSIS by reply
email and destroy all copies of the original message.
 


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC