Microsoft GDI Buffer Overflow in Processing EMF and WMF Files Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1019798 |
|
SecurityTracker URL: http://securitytracker.com/id/1019798
|
|
CVE Reference:
CVE-2008-1083, CVE-2008-1087
(Links to External Site)
|
Date: Apr 8 2008
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2000 SP4, 2003 SP2, XP SP2, Vista SP1, 2008; and prior service packs
|
Description:
Two vulnerabilities were reported in Microsoft GDI. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted EMF or WMF image file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.
A specially crafted EMF or WMF image file can trigger a heap overflow in performing integer calculations [CVE-2008-1083].
An EMF file with specially crafted filename parameters can trigger a stack overflow [CVE-2008-1087].
Jun Mao of iDefense Labs, Sebastian Apelt of Zero Day Initiative, Thomas Garnier of SkyRecon, and Yamata Li reported these vulnerabilities.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued the following fixes.
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=caac000a-22b6-48cb-aa00-1a0bfe886de2
Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=c2763dd8-a03e-4a48-aa86-a7ec00250a7a
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=166f2ab5-913c-47a9-86fe-b814797b751e
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=bee91d80-d49a-4d3d-82d6-d5aa63f54979
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=e3dde449-e062-4ce0-a9f4-433bff23e224
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=7886a802-f2b5-489c-b14b-631f4c4c0742
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=9b51deb8-3873-4146-977f-7e3d0840a4c5
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=4ad6dcd1-6ea5-43bf-8bee-a5f507beadc6
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=006d5c47-53e6-4ee1-932c-497611804938
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=8909f144-655b-4f07-916f-fd967f1efb2b
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=b7771a4a-4e4f-48d1-8551-bb8b778ca5a7
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-021.mspx (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 8 Apr 2008 14:44:22 -0400
Subject: Microsoft Security Bulletin MS08-021 Critical: Vulnerability in GDI Could Allow Remote Code Execution (948590)
|
http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx
CVE-2008-1083
CVE-2008-1087
|
|
