Microsoft GDI+ EMF Image Integer Overflow Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1025335 |
|
SecurityTracker URL: http://securitytracker.com/id/1025335
|
|
CVE Reference:
CVE-2011-0041
(Links to External Site)
|
Date: Apr 12 2011
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2; and prior service packs
|
Description:
A vulnerability was reported in Microsoft GDI+. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted EMF image file that, when loaded by the target user, will trigger an integer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Microsoft Office XP SP3 is also affected.
Nicolas Joly and Chaouki Bekrar of VUPEN Threat Protection Program reported this vulnerability.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued the following fixes:
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=59266A9D-A319-4309-A046-7F15C6DA0136
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=3797009A-B9A4-4E83-8614-E1589C8B5090
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=FD284233-E177-4064-9B02-F83DCB727DBE
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=D5ADAF4E-4CD7-42EA-8202-31B5C856F5E3
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=72A513BB-F901-4992-8562-D1AFE1AFEC8A
Windows Vista Service Pack 1 and Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=4FF2E440-79C2-4045-B225-913D1740FDB9
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=4D826026-E62A-4CEC-8682-49FBE7F65CD6
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=FBADA866-7D36-4B85-ACDE-FD856A998737
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=8F4DDFCB-374D-4CAD-8C61-2B988B46F628
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=2FD71543-0E18-4907-89B9-355D24D7DB69
Microsoft Office XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=6c87c2a9-3705-4680-8a9b-63b6ec83674d
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms11-029.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms11-029.mspx (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 12 Apr 2011 18:47:59 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms11-029.mspx
|
Microsoft Security Bulletin MS11-029 - Critical: Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
CVE-2011-0041
[solution_section]
The vendor has issued the following fixes:
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=59266A9D-A319-4309-A046-7F15C6DA0136
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=3797009A-B9A4-4E83-8614-E1589C8B5090
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=FD284233-E177-4064-9B02-F83DCB727DBE
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=D5ADAF4E-4CD7-42EA-8202-31B5C856F5E3
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=72A513BB-F901-4992-8562-D1AFE1AFEC8A
Windows Vista Service Pack 1 and Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=4FF2E440-79C2-4045-B225-913D1740FDB9
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=4D826026-E62A-4CEC-8682-49FBE7F65CD6
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=FBADA866-7D36-4B85-ACDE-FD856A998737
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=8F4DDFCB-374D-4CAD-8C61-2B988B46F628
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=2FD71543-0E18-4907-89B9-355D24D7DB69
Microsoft Office XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=6c87c2a9-3705-4680-8a9b-63b6ec83674d
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms11-029.mspx
[/solution_section]
[bugno]2489979
[msno]MS11-029
[severity]Critical
|
|
