Windows GDI+ GIF memory corruption
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Windows GDI+ GIF memory corruption
- From: "Ivan Fratric" <ifsecure@xxxxxxxxx>
- Date: Wed, 10 Sep 2008 11:07:31 +0200
There is a memory corruption vulnerability with GIF file processing in
Microsoft GDI+ that can be used to crash a vulnerable application and
potentially execute arbitrary code.
###################
#The vulnerability#
###################
The vulnerability is caused by improper handling of the graphic
control extension when processing malformed GIF files. It can be
triggered when a GIF file contains a large number of extension markers
(0x21) followed by unknown labels.
########
#Impact#
########
This vulnerability can be used to corrupt the memory of any application
that uses GDI+ for GIF file decoding when that application opens a
malformed GIF file. This could lead to code execution with the
privileges of the user running the vulnerable application.
############
#References#
############
http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html
http://www.zerodayinitiative.com/advisories/ZDI-08-056/
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3013
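
For triage of inbound GIF files, the condition described under "The vulnerability" can be checked by walking the GIF block structure and counting extension blocks (0x21) whose label is not one defined by GIF89a. This is an added example, not code from the advisory or from Microsoft; the function names, the sample bytes and the default threshold of 16 are assumptions, since the advisory does not say how many markers are needed.

```python
# Extension labels defined by GIF89a: plain text, graphic control, comment, application.
KNOWN_LABELS = {0x01, 0xF9, 0xFE, 0xFF}

def _skip_sub_blocks(data, pos):
    """Advance past a chain of length-prefixed sub-blocks ending in a zero-size block."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def _color_table_size(packed):
    """Byte length of the colour table announced by a packed-fields byte."""
    return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0

def count_unknown_extensions(data):
    """Count 0x21 extension blocks whose label is outside KNOWN_LABELS."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF file")
    pos = 13 + _color_table_size(data[10])   # header + logical screen descriptor
    unknown = 0
    while pos < len(data) and data[pos] != 0x3B:   # 0x3B is the trailer
        marker = data[pos]
        if marker == 0x21:                         # extension introducer
            if pos + 1 >= len(data):
                raise ValueError("truncated extension")
            if data[pos + 1] not in KNOWN_LABELS:
                unknown += 1
            pos = _skip_sub_blocks(data, pos + 2)
        elif marker == 0x2C:                       # image descriptor
            if pos + 10 >= len(data):
                raise ValueError("truncated image descriptor")
            pos += 10 + _color_table_size(data[pos + 9])
            pos = _skip_sub_blocks(data, pos + 1)  # +1 skips the LZW code-size byte
        else:
            raise ValueError("unexpected block marker 0x%02x" % marker)
    return unknown

def is_suspicious(data, threshold=16):
    """Flag a file for quarantine; the threshold is an assumed policy value."""
    return count_unknown_extensions(data) >= threshold

# Constructed sample: GIF89a, no colour table, one graphic control extension
# and three empty extensions with the undefined label 0x42.
SAMPLE = (b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00"
          + b"\x21\xF9\x04\x00\x00\x00\x00\x00" + b"\x21\x42\x00" * 3 + b"\x3B")
```

A file that raises ValueError fails structural parsing and is best treated as malformed rather than passed on to a decoder.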