Vigil@nce: Windows, Office, several vulnerabilities of GDI

September 2008 by Vigil@nce

SYNTHESIS

A local or remote attacker can create malicious programs or images in order to cause a denial of service or code execution on the victim’s computer.

Gravity: 4/4

Consequences: user access/rights, denial of service of computer

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 5

Creation date: 10/09/2008

Identifier: VIGILANCE-VUL-8097

IMPACTED PRODUCTS

- Microsoft Access [confidential versions]
- Microsoft Excel [confidential versions]
- Microsoft Internet Explorer [confidential versions]
- Microsoft Outlook [confidential versions]
- Microsoft PowerPoint [confidential versions]
- Microsoft Project [confidential versions]
- Microsoft Publisher [confidential versions]
- Microsoft SQL Server [confidential versions]
- Microsoft Visio [confidential versions]
- Microsoft Visual Studio [confidential versions]
- Microsoft Windows 2003 [confidential versions]
- Microsoft Windows 2008
- Microsoft Windows Vista [confidential versions]
- Microsoft Windows XP [confidential versions]
- Microsoft Word [confidential versions]
- SharePoint Team Services [confidential versions]

DESCRIPTION

Several vulnerabilities impact GDI+ (Graphics Device Interface, gdiplus.dll).

The VML (Vector Markup Language) format is used to represent vector images in an XML format. An attacker can create a VML file specifying an invalid gradient in order to trigger an integer overflow leading to memory corruption. [grav:4/4; BID-31018, CVE-2007-5348]

An attacker can create a malicious EMF (Enhanced Metafile) file in order to corrupt memory. [grav:4/4; BID-31019, CVE-2008-3012]

An attacker can create a malicious WMF file that triggers an allocation error, leading to a buffer overflow. [grav:4/4; BID-31021, CVE-2008-3014]

An attacker can create a GIF image with a malicious data extension in order to corrupt memory. [grav:4/4; BID-31020, CVE-2008-3013]

An attacker can create a BMP image with a malicious BitMapInfoHeader header in order to corrupt memory. [grav:4/4; BID-31022, CVE-2008-3015]

A local or remote attacker can therefore create malicious programs or images in order to cause a denial of service or code execution on the victim’s computer.
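The integer overflow and allocation errors described above share one defensive pattern: validate header fields and compute buffer sizes in wide arithmetic before allocating. The following is an added example, not code from Microsoft or Vigil@nce, and the bulletin does not say which BitMapInfoHeader field is abused; the names `bmp_header_check` and `bmp_try` and the 256 MiB cap are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BMP_MAX_BYTES (256u * 1024u * 1024u)  /* assumed policy cap, not from the bulletin */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Returns 0 and sets *pixel_bytes if the header is safe to allocate for, <0 otherwise. */
int bmp_header_check(const uint8_t *h, size_t len, uint64_t *pixel_bytes) {
    if (len < 40 || rd32(h) < 40 || rd32(h) > len) return -1;      /* biSize */
    int32_t  width  = (int32_t)rd32(h + 4);
    int32_t  height = (int32_t)rd32(h + 8);
    uint16_t planes = (uint16_t)(h[12] | h[13] << 8);
    uint16_t bpp    = (uint16_t)(h[14] | h[15] << 8);
    uint32_t used   = rd32(h + 32);                                /* biClrUsed */
    if (width <= 0 || height == 0 || height == INT32_MIN) return -2;
    if (planes != 1) return -3;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) return -3;
    if (bpp <= 8 && used > (1u << bpp)) return -4;     /* palette larger than bit depth allows */
    /* 64-bit arithmetic: a 32-bit width*height*bytes product can wrap to a small value,
       e.g. 65537 x 65536 at 32 bpp wraps to 262144 bytes. */
    uint64_t rows   = (uint64_t)(height < 0 ? -(int64_t)height : height);  /* negative = top-down */
    uint64_t stride = (((uint64_t)width * bpp + 31) / 32) * 4;     /* rows are padded to 4 bytes */
    uint64_t total  = stride * rows;
    if (total > BMP_MAX_BYTES) return -5;
    *pixel_bytes = total;
    return 0;
}

/* Builds a constructed 40-byte header and checks it; returns the byte count or the error code. */
int64_t bmp_try(int32_t w, int32_t ht, uint16_t bpp, uint32_t used) {
    uint8_t h[40]; uint64_t n = 0;
    memset(h, 0, sizeof h);
    wr32(h, 40); wr32(h + 4, (uint32_t)w); wr32(h + 8, (uint32_t)ht);
    h[12] = 1; h[14] = (uint8_t)bpp; h[15] = (uint8_t)(bpp >> 8);
    wr32(h + 32, used);
    int rc = bmp_header_check(h, sizeof h, &n);
    return rc == 0 ? (int64_t)n : rc;
}
```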

CHARACTERISTICS

Identifiers: 954593, BID-31018, BID-31019, BID-31020, BID-31021, BID-31022, CVE-2007-5348, CVE-2008-3012, CVE-2008-3013, CVE-2008-3014, CVE-2008-3015, MS08-052, VIGILANCE-VUL-8097

https://vigilance.aql.fr/tree/1/8097



