Windows GDI+ GIF memory corruption
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Windows GDI+ GIF memory corruption
- From: "Ivan Fratric" <ifsecure@xxxxxxxxx>
- Date: Wed, 10 Sep 2008 11:07:31 +0200
There is a memory corruption vulnerability in GIF file processing in
Microsoft GDI+ that can be used to crash a vulnerable application and
potentially execute arbitrary code.
###################
#The vulnerability#
###################
The vulnerability is caused by improper handling of the graphic
control extension when processing malformed GIF files. It can be
triggered when a GIF file contains a large number of extension markers
(0x21) followed by unknown labels.
########
#Impact#
########
This vulnerability can be used to corrupt the memory of any application
that uses GDI+ for GIF file decoding when it opens a malformed GIF
file. This could lead to code execution with the privileges of the
user running the vulnerable application.
############
#References#
############
http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html
http://www.zerodayinitiative.com/advisories/ZDI-08-056/
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3013
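
A triage check for the file shape described under "The vulnerability", added here as an example and not taken from the advisory or from Microsoft: it walks the GIF block stream and counts extension blocks (0x21) whose label is not one of the four defined by GIF89a. The `MAX_UNKNOWN` threshold, the function names and the two sample files are assumptions constructed for illustration.

```python
import struct

# Labels defined by GIF89a: plain text, graphic control, comment, application.
KNOWN_LABELS = {0x01, 0xF9, 0xFE, 0xFF}
MAX_UNKNOWN = 3  # assumed triage threshold, not a value from the advisory

def _skip_sub_blocks(data, pos):
    """Advance past length-prefixed sub-blocks up to the 0x00 terminator."""
    while pos < len(data):
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos
    raise ValueError("truncated sub-block chain")

def _table_len(packed):
    """Byte length of the colour table described by a packed-fields byte."""
    return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0

def count_unknown_extensions(data):
    """Walk the block stream; count 0x21 blocks whose label is not in GIF89a."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos, unknown = 13 + _table_len(data[10]), 0
    while pos < len(data):
        intro = data[pos]
        if intro == 0x3B:                            # trailer: end of stream
            return unknown
        if intro == 0x21 and pos + 1 < len(data):    # extension introducer
            unknown += data[pos + 1] not in KNOWN_LABELS
            pos = _skip_sub_blocks(data, pos + 2)
        elif intro == 0x2C and pos + 9 < len(data):  # image descriptor
            pos += 10 + _table_len(data[pos + 9])
            pos = _skip_sub_blocks(data, pos + 1)    # +1 skips LZW code size
        else:
            raise ValueError(f"unexpected or truncated block at offset {pos}")
    raise ValueError("missing trailer")

def should_quarantine(data):
    """True for files that fail to parse or exceed the unknown-label budget."""
    try:
        return count_unknown_extensions(data) > MAX_UNKNOWN
    except ValueError:
        return True

# Constructed samples: 1x1 logical screen, no global colour table.
HEADER = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0)
BENIGN = (HEADER + b"\x21\xF9\x04\x00\x00\x00\x00\x00\x2C"
          + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x44\x01\x00\x3B")
FLAGGED = HEADER + b"\x21\x42\x01\x00\x00" * 5 + b"\x3B"  # 0x42 is unassigned
```

Files that do not parse cleanly are quarantined as well, so a truncated block stream never reaches the decoder on the strength of a low count.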