Windows GDI+ GIF memory corruption

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Windows GDI+ GIF memory corruption
From: "Ivan Fratric" <ifsecure@xxxxxxxxx>
Date: Wed, 10 Sep 2008 11:07:31 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type:content-transfer-encoding :content-disposition; bh=LRNqQ2AqPemMjXhBMlMV7c1QI2xfe99lciQxWkqgxwM=; b=mA7799cNmSciIByF7vU7fStSxU5vsfJ2emqW68M7rHuCntFlcrrno3k8/1R8C9hBfJ q8yE6pIKH0ykn35CneIONZpGUKuLEpO5PbU/q8L9klDNH60GbWc79mIaD2oW9Wrdfe2F H4IvN4XDzbj/t2tAkmS4GV2rSoTUzzzP+FHbw=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition; b=KiUNpHcA5YRbqXEC7tVF7jeletV4bobRVr7+ae4Gb7hQG7KLI8c5ryKpdxfKZJ4d6K TeCaetb6vgcfnilgDrjqgiJFyvTN4bPkHSJRY7QQJRv3pJQPPD3XTx5ilfdJz92D5lAF 3X+g7DcQbOFjiQGIsY6mFwesRBEo9/JMc5ea0=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

There is a memory corruption vulnerability with GIF file processing in
Microsoft GDI+ that can be used to crash a vulnerable application and
potentially execute arbitrary code.

###################
#The vulnerability#
###################

The vulnerability is caused due to improper handling of graphic
control extension when processing malformed GIF files. The
vulnerability can be triggered if a large number of extension markers
(0x21) followed by unknown labels is found when processing a GIF file.

########
#Impact#
########

This vulnerability can be used to corrupt memory of any application
utilizing GDI+ for GIF file decoding if it is used to open a malformed
GIF file. This could lead to code execution with the privileges of the
user running the vulnerable application.

############
#References#
############

http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html
http://www.zerodayinitiative.com/advisories/ZDI-08-056/
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3013

Prev by Date: iDefense Security Advisory 09.09.08: Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability
Next by Date: [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)
Previous by thread: iDefense Security Advisory 09.09.08: Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability
Next by thread: [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)
Index(es):
- Date
- Thread