Multi-State Sharing Info about Cyber Security
September 2008
MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY
MS-ISAC ADVISORY NUMBER:
2008-030
DATE ISSUED:
09/09/2008
SUBJECT:
Multiple Vulnerabilities in Microsoft Graphics Device Interface (GDI+) Could Allow Remote Code Execution
OVERVIEW:
Five vulnerabilities have been discovered in the Microsoft Graphics Device Interface (GDI+), which could allow an attacker to take complete control of an affected system. These vulnerabilities can be exploited if a user views a malicious web page or opens an email attachment containing an image file specially designed to exploit one of the vulnerabilities. Successful exploitation will result in an attacker gaining the same privileges as the logged on user. If the user is logged on with administrator privileges, the attacker could then install programs; view, change, or delete data; or create new accounts with full privileges.
SYSTEMS AFFECTED:
o Windows XP Service Pack 2 & 3
o Windows XP Professional x64 Service Pack 1 & 2
o Windows Server 2003 Service Pack 1
o Windows Server 2003 Service Pack 2
o Windows Server 2003 x64 Edition
o Windows Server 2003 x64 Edition Service Pack 2
o Windows Server 2003 with SP1 for Itanium-based Systems
o Windows Server 2003 with SP2 for Itanium-based Systems
o Windows Vista and Windows Vista Service Pack 1
o Windows Vista x64 Edition
o Windows Vista x64 Edition Service Pack 1
o Windows Server 2008 for 32-bit Systems
o Windows Server 2008 for x64-based Systems
o Windows Server 2008 for Itanium-based Systems
o Microsoft Windows 2000 Service Pack 4
o Microsoft Internet Explorer 6 Service Pack 1
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Microsoft Office XP Service Pack 3
o Microsoft Office 2003 Service Pack 2
o Microsoft Office 2003 Service Pack 3
o 2007 Microsoft Office System
o 2007 Microsoft Office System Service Pack 1
o Microsoft Visio 2002 Service Pack 2
o Microsoft Office PowerPoint Viewer 2003
o Microsoft Works 8
o Microsoft Digital Image Suite 2006
o SQL Server 2005 Service Pack 2
o SQL Server 2005 x64 Edition Service Pack 2
o SQL Server 2005 for Itanium-based Systems Service Pack 2
o Microsoft Visual Studio .NET 2002 Service Pack 1
o Microsoft Visual Studio .NET 2003 Service Pack 1
o Microsoft Visual Studio 2005 Service Pack 1
o Microsoft Visual Studio 2008
o Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package
o Microsoft Report Viewer 2008 Redistributable Package
o Microsoft Visual FoxPro 8.0 Service Pack 1
o Microsoft Visual FoxPro 9.0 Service Pack 1
o Microsoft Visual FoxPro 9.0 Service Pack 2
o Microsoft Platform SDK Redistributable: GDI+
o Microsoft Forefront Client Security 1.0
RISK:
Government:
o Large and medium government entities: High
o Small government entities: High
DESCRIPTION:
Microsoft Windows Graphics Device Interface (GDI+) fails to properly handle Windows Metafile (WMF), Windows Enhanced Metafile (EMF), Graphics Interchange Format (GIF) and Bitmap (BMP) image files. Additionally, a vulnerability has been discovered in the way GDI+ handles certain image file properties in Vector Markup Language (VML).
Microsoft Windows Graphics Device Interface (GDI+) enables various applications to access devices that render images for the user. Examples include desktop displays and printers. GDI+ is installed by default on all Microsoft Windows operating systems.
All of the vulnerabilities mentioned in this advisory can be exploited if a user visits a malicious web site. Four of the vulnerabilities can also be exploited if a user opens or views a malicious image file, such as an attachment contained in an email message.
Successful exploitation will result in an attacker gaining the same privileges as the logged on user. If the user is logged on with administrator privileges, the attacker could then install programs; view, change, or delete data; or create new accounts with full privileges.
Custom applications built with the Microsoft Graphics Device Interface (GDI+) or the .NET Framework that use vulnerable GDI+ libraries are also affected by these vulnerabilities. Attention should also be given to build machines and developer machines which use GDI+ or the .NET Framework. All third-party software that uses GDI+ libraries should be updated. Please contact your software vendor(s) for updates.
At this time there is no known publicly available proof of concept or exploit code.
RECOMMENDATIONS:
We recommend the following:
o Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
o Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
o Do not visit un-trusted websites or follow links provided by unknown or un-trusted sources.
o Read all e-mail messages in plain text.
o Do not open email attachments from unknown or un-trusted sources.
o Update all custom software that uses GDI+ libraries.
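As an added example (not part of the MS-ISAC advisory or of Microsoft's guidance), the Python sketch below identifies attachments in the four image formats named in the DESCRIPTION (WMF, EMF, GIF, BMP) by their header bytes rather than by file extension, so they can be held for review until patches are applied. The function names and the sample attachments are constructed for illustration; VML is markup and is not covered.

```python
import os
import struct

EXT_TO_FORMAT = {".gif": "GIF", ".bmp": "BMP", ".dib": "BMP",
                 ".wmf": "WMF", ".emf": "EMF"}

def sniff_gdiplus_format(data: bytes):
    """Return 'GIF', 'BMP', 'WMF', 'EMF' or None, judged from header bytes only."""
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "GIF"
    # EMF: first record is the header record (type 1); signature " EMF" at offset 40.
    if len(data) >= 44 and data[:4] == b"\x01\x00\x00\x00" and data[40:44] == b" EMF":
        return "EMF"
    # Placeable WMF begins with the key 0x9AC6CDD7, stored little-endian.
    if data[:4] == b"\xd7\xcd\xc6\x9a":
        return "WMF"
    # Standard WMF header: type 1 or 2, header size 9 words, version 0x0100/0x0300.
    if len(data) >= 6:
        ftype, hsize, version = struct.unpack_from("<HHH", data)
        if ftype in (1, 2) and hsize == 9 and version in (0x0100, 0x0300):
            return "WMF"
    # BMP: deliberately loose ("BM" plus a full 14-byte file header) so that
    # odd-looking headers are still flagged rather than waved through.
    if len(data) >= 14 and data[:2] == b"BM":
        return "BMP"
    return None

def triage(attachments):
    """Return (name, sniffed_format, extension_matches) for each risky attachment."""
    findings = []
    for name, data in attachments:
        fmt = sniff_gdiplus_format(data)
        if fmt is None:
            continue
        ext = os.path.splitext(name.lower())[1]
        findings.append((name, fmt, EXT_TO_FORMAT.get(ext) == fmt))
    return findings

# Constructed sample attachments: headers only, not real images.
SAMPLE_ATTACHMENTS = [
    ("logo.gif", b"GIF89a" + b"\x00" * 7),
    ("report.jpg", b"\xd7\xcd\xc6\x9a" + b"\x00" * 18),   # WMF behind a .jpg name
    ("chart.emf", struct.pack("<II", 1, 88) + b"\x00" * 32 + b" EMF"),
    ("notes.txt", b"plain text body"),
]

if __name__ == "__main__":
    for name, fmt, ext_ok in triage(SAMPLE_ATTACHMENTS):
        print(f"{name}: {fmt}" + ("" if ext_ok else " (extension does not match content)"))
```

An attachment whose extension does not match its content, such as the constructed `report.jpg`, would pass an extension-only filter, which is why the check reads the header bytes.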
REFERENCES:
Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS08-052.mspx
Secunia:
http://secunia.com/advisories/31675/
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5348
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3012
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3013
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3014
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3015