Microsoft GDI+ JPEG buffer overflow vulnerability

Discussion in 'NZ Computing' started by Patrick Dunford, Oct 6, 2004.

  1. [Got a warning about this when I went to Windows Update today, so MS are
    on track with it]

    http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=31594

    Microsoft GDI+ JPEG buffer overflow vulnerability

    Date Discovered: September 14, 2004
    Date Published: September 14, 2004
    Last Updated: October 5, 2004

    Threat Assessment High

    Vulnerability Description

    Vulnerability ID: 31594
    Discovered by: Nick DeBaggis
    Exploitable Locally: No
    Exploitable Remotely: Yes
    Impact: Remote attackers can execute arbitrary code.

    Root Cause: Software Vulnerability





    Multiple Microsoft products contain a vulnerability that can allow an
    attacker to execute arbitrary code. The vulnerability is due to improper
    bounds checking when processing malformed JPEG images. Attackers can
    exploit the vulnerability by creating a carefully crafted JPEG image and
    enticing a victim into viewing it.



    Recommendations



    NDP1.1sp1-KB867460-X86 - .Net Framework 1.1
    project2003-KB838344-FullFile-ENU - Project 2003
    officexp-kb832332-client-enu - Office XP
    NDP1.0sp3-KB867461-X86-Enu - .Net Framework SP2
    Visio2002-KB831932-FullFile-ENU
    WindowsXP-KB833987-x86-ENU - Windows XP
    WindowsXP-KB833987-ia64-ENU - Windows XP 64-bit
    IE6.0sp1-KB833989-x86-ENU
    WindowsServer2003-KB833987-x86-ENU - Windows Server 2003
    WindowsXP-KB833987-x86-ENU - Windows XP SP1
    project2002-kb831931-FullFile-ENU - Project 2002
    office2003-kb838905-client-enu - Office 2003
    WindowsServer2003-KB833987-IA64-ENU - Windows Server 2003 64-bit
    Visio2003-KB838345-FullFile-ENU



    Affected Technologies

    Microsoft: .NET Framework 1.0 SP2
    Microsoft: .NET Framework 1.1
    Microsoft: Excel 2002
    Microsoft: Excel 2003
    Microsoft: FrontPage 2002
    Microsoft: Internet Explorer 6 SP1
    Microsoft: Microsoft Outlook 2002
    Microsoft: Microsoft Outlook 2003
    Microsoft: Microsoft PowerPoint 2002
    Microsoft: Microsoft PowerPoint 2003
    Microsoft: Microsoft Project 2002
    Microsoft: Project 2003
    Microsoft: Publisher 2002
    Microsoft: Visio 2002
    Microsoft: Visio 2003
    Microsoft: Windows Server 2003 64-Bit Edition
    Microsoft: Windows Server 2003 Enterprise Edition
    Microsoft: Windows Server 2003 Enterprise Edition, 64-bit
    Microsoft: Windows Server 2003 Standard Edition
    Microsoft: Windows Server 2003 Web Edition
    Microsoft: Windows XP 64-bit Edition SP1
    Microsoft: Windows XP Professional
    Microsoft: Windows XP Professional SP1
    Microsoft: Word 2002
    Microsoft: Word 2003
     
    Patrick Dunford, Oct 6, 2004