Written by redsand@blacksecurity.org
Thursday, 26 March 2009 22:53
Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability

- Bugtraq ID: 34250
- Class: Boundary Condition Error
- CVE:
- Remote: Yes
- Local: No
- Published: Mar 24 2009 12:00AM
- Updated: Mar 26 2009 08:56PM
- Credit:
- Vulnerable:
  - Microsoft Windows XP Professional SP3
  - Microsoft Windows XP Professional SP2
  - Microsoft Windows XP Professional SP1
  - Microsoft Windows XP Professional
  - Microsoft Windows XP Media Center Edition SP3
  - Microsoft Windows XP Media Center Edition SP2
  - Microsoft Windows XP Media Center Edition SP1
  - Microsoft Windows XP Media Center Edition
  - Microsoft Windows XP Home SP3
  - Microsoft Windows XP Home SP2
  - Microsoft Windows XP Home SP1
  - Microsoft Windows XP Home
  - Microsoft Windows XP Gold 0
  - Microsoft Windows XP 0
- Discussion:

Microsoft GDI+ is prone to a stack-based buffer-overflow vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.
Successfully exploiting this issue causes applications using the affected library to crash. Due to the nature of this issue, attackers may be able to execute arbitrary code in the context of the currently logged-in user; this has not been confirmed.
NOTE (March 25, 2009): Further investigation reveals that this issue is in fact a new issue and has been assigned its own BID. Information that was added on March 24, 2009 to BID 31019 ('Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability') is now provided in this BID.
UPDATE (March 26, 2009): Further analysis indicates that successful exploits are unlikely to result in remote code execution; the impact for this issue has been adjusted accordingly.
- Exploit(s)/PoC(s):

The following EMF file is available. Note that Symantec has not tested or verified this exploit. Always use caution when handling exploits.

http://www.securityfocus.com/data/vulnerabilities/exploits/voltage-exploit.emf
- Solution:

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us.
- References:
  - Microsoft GdiPlus EMF GpFont.SetData Integer Overflow: http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.htm
  - Microsoft Homepage: http://www.microsoft.co (Microsoft)