- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Vulnerability in GDI Allows Code Execution (MS07-046)
------------------------------------------------------------------------
SUMMARY
A remote code execution vulnerability exists in the Graphics Rendering
Engine because of the way that it handles specially crafted images. An
attacker could exploit the vulnerability by constructing a specially
crafted image that could potentially allow remote code execution if a user
opened a specially crafted attachment in e-mail.
An attacker who successfully exploited this vulnerability could gain the
same user rights as the local user. Users whose accounts are configured to
have fewer user rights on the system could be less impacted than users who
operate with administrative user rights.
DETAILS
Affected Software:
*
<http://www.microsoft.com/downloads/details.aspx?FamilyId=8fc8340b-c2b3-4559-835c-caa00cf086b9> Microsoft Windows 2000 Service Pack 4
*
<http://www.microsoft.com/downloads/details.aspx?FamilyId=dc29475d-c0bb-4d35-8dd6-4ca1cac32315> Windows XP Service Pack 2
*
<http://www.microsoft.com/downloads/details.aspx?FamilyId=3c81730a-981a-4649-b2d9-45144230d512> Windows XP Professional x64 Edition
*
<http://www.microsoft.com/downloads/details.aspx?FamilyId=5374583d-de68-4d65-bca8-598d6b98b8b3> Windows Server 2003 Service Pack 1
*
<http://www.microsoft.com/downloads/details.aspx?FamilyId=c3359f27-e03e-4a4f-b896-3bda39f69f7e> Windows Server 2003 x64 Edition
*
<http://www.microsoft.com/downloads/details.aspx?FamilyId=92822479-2060-4357-a340-ed096f180b2b> Windows Server 2003 with SP1 for Itanium-based Systems
Non-Affected Software:
* Windows XP Professional x64 Edition Service Pack 2
* Windows Server 2003 Service Pack 2
* Windows Server 2003 x64 Edition Service Pack 2
* Windows Server 2003 with SP2 for Itanium-based Systems
* Windows Vista
* Windows Vista x64 Edition
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3034>
CVE-2007-3034
Mitigating Factors for Remote Code Execution Vulnerability in GDI:
Mitigation refers to a setting, common configuration, or general
best-practice, existing in a default state, that could reduce the severity
of exploitation of a vulnerability. The following mitigating factor may be
helpful in your situation:
* An attacker who successfully exploited this vulnerability could gain
the same user rights as the local user. Users whose accounts are
configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights.
* Microsoft Windows Vista and Windows Server 2003 Service pack 2 are
unaffected by this issue.
FAQ for Remote Code Execution Vulnerability in GDI:
What is the scope of the vulnerability?
This is a remote code execution vulnerability. If a user is logged on with
administrative user rights, an attacker who successfully exploited this
vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights. Users whose accounts are
configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights.
What causes the vulnerability ?
The vulnerability exists in the way that the Graphics Rendering Engine
handles specially crafted images, potentially allowing arbitrary code to
be executed.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could run code
on the affected system.
How could an attacker exploit the vulnerability?
An attacker could exploit this vulnerability by creating a specially
crafted attachment in e-mail and then persuading the user to open the
attachment. If the user opened the attachment, the attacker could cause
arbitrary code to run in the security context of the locally logged-on
user.
What is GDI?
Microsoft Windows graphics device interface (GDI) enables applications to
use graphics and formatted text on both the video display and the printer.
Windows-based applications do not access the graphics hardware directly.
Instead, GDI interacts with device drivers on behalf of applications. For
more information on GDI, please visit the Windows GDI Start Page.
What systems are primarily at risk from the vulnerability?
Workstations and terminal servers are primarily at risk.
What does the update do?
The update removes the vulnerability by adding overflow validations to the
handling of images.
When this security bulletin was issued, had this vulnerability been
publicly disclosed?
No. Microsoft received information about this vulnerability through
responsible disclosure.
When this security bulletin was issued, had Microsoft received any reports
that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this
vulnerability had been publicly used to attack customers and had not seen
any examples of proof of concept code published when this security
bulletin was originally issued.
ADDITIONAL INFORMATION
The information has been provided by Microsoft Security Bulletin MS07-046.
The original article can be found at:
<http://www.microsoft.com/technet/security/bulletin/ms07-046.mspx>
http://www.microsoft.com/technet/security/bulletin/ms07-046.mspx
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment