Vigil@nce: Windows, Office, several vulnerabilities of GDI
September 2008 by Vigil@nce
SYNTHESIS
A local or remote attacker can create malicious programs or images
in order to generate a denial of service or code execution on
the victim’s computer.
Gravity: 4/4
Consequences: user access/rights, denial of service of computer
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 5
Creation date: 10/09/2008
Identifier: VIGILANCE-VUL-8097
IMPACTED PRODUCTS
– Microsoft Access [confidential versions]
– Microsoft Excel [confidential versions]
– Microsoft Internet Explorer [confidential versions]
– Microsoft Outlook [confidential versions]
– Microsoft PowerPoint [confidential versions]
– Microsoft Project [confidential versions]
– Microsoft Publisher [confidential versions]
– Microsoft SQL Server [confidential versions]
– Microsoft Visio [confidential versions]
– Microsoft Visual Studio [confidential versions]
– Microsoft Windows 2003 [confidential versions]
– Microsoft Windows 2008
– Microsoft Windows Vista [confidential versions]
– Microsoft Windows XP [confidential versions]
– Microsoft Word [confidential versions]
– SharePoint Team Services [confidential versions]
DESCRIPTION
Several vulnerabilities impact GDI+ (Graphics Device Interface,
gdiplus.dll).
The VML (Vector Markup Language) format is used to represent
vector images in an XML format. An attacker can create a VML
file indicating an invalid gradient in order to generate an
integer overflow leading to memory corruption. [grav:4/4;
BID-31018, CVE-2007-5348]
An attacker can create a malicious EMF (Enhanced Metafile) file in
order to corrupt memory. [grav:4/4; BID-31019, CVE-2008-3012]
An attacker can create a malicious WMF file generating an
allocation error, leading to a buffer overflow. [grav:4/4;
BID-31021, CVE-2008-3014]
An attacker can create a GIF image with a malicious data extension
in order to corrupt memory. [grav:4/4; BID-31020,
CVE-2008-3013]
An attacker can create a BMP image with a malicious
BitMapInfoHeader header in order to corrupt memory. [grav:4/4;
BID-31022, CVE-2008-3015]
A local or remote attacker can therefore create malicious programs
or images in order to generate a denial of service or code
execution on the victim’s computer.
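Added example (not from the bulletin and not Microsoft's code): the bulletin attributes these flaws to malformed headers, integer overflows and allocation errors without giving details, so this sketch only shows the general defensive check for that class, applied to a 40-byte BITMAPINFOHEADER before any buffer is sized from it. The function names and the MAX_DIM limit are assumptions, and only uncompressed (BI_RGB) images are handled.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_DIM 32768u /* assumed policy limit, not taken from the bulletin */

static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Validate a little-endian BITMAPINFOHEADER before any allocation.
 * data_len is the number of pixel bytes actually present in the file.
 * Returns the pixel-array size in bytes, or -1 if the header is rejected. */
long long bmp_pixel_bytes(const uint8_t *hdr, size_t hdr_len, size_t data_len)
{
    if (hdr_len < 40 || rd32(hdr) < 40) return -1;      /* biSize */
    int64_t w = (int32_t)rd32(hdr + 4);                  /* biWidth */
    int64_t h = (int32_t)rd32(hdr + 8);                  /* biHeight, negative = top-down */
    uint32_t planes = rd16(hdr + 12), bpp = rd16(hdr + 14);
    uint32_t compression = rd32(hdr + 16), clr_used = rd32(hdr + 32);

    if (h < 0) h = -h;                                   /* safe: h is 64-bit here */
    if (w <= 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return -1;
    if (planes != 1 || compression != 0) return -1;      /* only BI_RGB handled here */
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return -1;
    if (bpp <= 8 && clr_used > (1u << bpp)) return -1;   /* palette exceeds index space */

    /* Row stride is padded to 4 bytes; 64-bit math cannot wrap under MAX_DIM. */
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4;
    uint64_t total = stride * (uint64_t)h;
    if (total > data_len) return -1;                     /* header claims more than exists */
    return (long long)total;
}

/* Constructed sample: build a header from a few fields and run the check. */
long long check_sample(int32_t w, int32_t h, uint16_t bpp, size_t data_len)
{
    uint8_t hdr[40] = {40};                              /* biSize = 40, rest zero */
    uint32_t uw = (uint32_t)w, uh = (uint32_t)h;
    for (int i = 0; i < 4; i++) {
        hdr[4 + i] = (uint8_t)(uw >> (8 * i));
        hdr[8 + i] = (uint8_t)(uh >> (8 * i));
    }
    hdr[12] = 1;                                         /* biPlanes */
    hdr[14] = (uint8_t)bpp; hdr[15] = (uint8_t)(bpp >> 8);
    return bmp_pixel_bytes(hdr, sizeof hdr, data_len);
}
```

A width such as 0x40000001 at 32 bits per pixel is the case to note: computed in 32-bit arithmetic, width * 4 wraps to 4, so a decoder would size its buffer far too small, whereas the check above rejects the header outright.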
CHARACTERISTICS
Identifiers: 954593, BID-31018, BID-31019, BID-31020, BID-31021,
BID-31022, CVE-2007-5348, CVE-2008-3012, CVE-2008-3013,
CVE-2008-3014, CVE-2008-3015, MS08-052, VIGILANCE-VUL-8097