Vigil@nce - Windows: information disclosure via PNG
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to display a malicious PNG
image in order to read a memory fragment of Windows and obtain
sensitive information.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2,
Microsoft Windows 2012, Windows 7, Windows 8, Windows RT, Windows
Vista
Severity: 2/4
Creation date: 10/03/2015
DESCRIPTION OF THE VULNERABILITY
The Windows system analyzes PNG images before displaying them.
However, it does not initialize a memory area before returning it
to the user.
An attacker can therefore invite the victim to display a
malicious PNG image in order to read a memory fragment of Windows
and obtain sensitive information.
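The bug class described above (a buffer handed back to the caller without being initialized), shown next to its fix. This is an example added here, not Windows code and not taken from the bulletin, which does not say which part of the PNG triggers the flaw. The toy image format, the recycled-memory pool and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy format (NOT PNG, NOT Windows code):
 * byte 0 = width, byte 1 = height, then width*height pixel bytes. */
#define POOL_SIZE 256
static uint8_t pool[POOL_SIZE];          /* stands in for recycled memory */

/* Hypothetical allocator: returns recycled memory without clearing it. */
static uint8_t *pool_alloc(size_t n) { return n <= POOL_SIZE ? pool : NULL; }

/* Simulates an earlier, unrelated use of the same memory. */
void pool_taint(const char *s) { strncpy((char *)pool, s, POOL_SIZE); }

/* Flawed: the buffer is sized from the header but filled only with the
 * bytes actually present, then returned whole. */
size_t decode_unsafe(const uint8_t *img, size_t len, uint8_t **out) {
    if (len < 2) return 0;
    size_t need = (size_t)img[0] * img[1];
    size_t have = (len - 2 < need) ? len - 2 : need;
    uint8_t *buf = pool_alloc(need);
    if (!buf) return 0;
    memcpy(buf, img + 2, have);          /* tail of buf keeps stale bytes */
    *out = buf;
    return need;
}

/* Hardened: clear the whole buffer before any of it can reach the caller.
 * A stricter decoder would also reject the truncated file outright. */
size_t decode_safe(const uint8_t *img, size_t len, uint8_t **out) {
    if (len < 2) return 0;
    size_t need = (size_t)img[0] * img[1];
    size_t have = (len - 2 < need) ? len - 2 : need;
    uint8_t *buf = pool_alloc(need);
    if (!buf) return 0;
    memset(buf, 0, need);
    memcpy(buf, img + 2, have);
    *out = buf;
    return need;
}

int main(void) {
    const uint8_t img[] = {4, 4, 'A', 'B'};  /* constructed: claims 16 pixels, has 2 */
    uint8_t *out = NULL;
    pool_taint("prior-secret-data-1234");    /* constructed stale content */
    size_t n = decode_unsafe(img, sizeof img, &out);
    printf("unsafe: %.*s\n", (int)n, (const char *)out);
    pool_taint("prior-secret-data-1234");
    n = decode_safe(img, sizeof img, &out);
    printf("safe:   %.*s\n", (int)n, (const char *)out);
    return 0;
}
```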
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-information-disclosure-via-PNG-16368