[SA37007] Microsoft Products GDI+ Multiple Vulnerabilities

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Tue Oct 13 2009 - 18:24:11 CDT


TITLE:
Microsoft Products GDI+ Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA37007

VERIFY ADVISORY:
http://secunia.com/advisories/37007/

DESCRIPTION:
Some vulnerabilities have been reported in various Microsoft
products, which can be exploited by malicious people to compromise a
vulnerable system.

1) An integer overflow exists when processing the number of colours
used in a bitmap image. This can be exploited to cause a heap-based
buffer overflow via a specially crafted bitmap image.

2) An integer overflow error in the handling of WMF image files can
be exploited to cause a heap-based buffer overflow.

3) A boundary error in the processing of PNG files can be exploited
to cause a heap-based buffer overflow.

4) A boundary error in the processing of TIFF files can be exploited
to cause a buffer overflow.

5) An unspecified error in the processing of TIFF files can be
exploited to corrupt memory.

6) An integer overflow error in certain GDI+ APIs can be exploited to
cause a buffer overflow via a specially crafted .NET Framework
application.

7) An integer overflow vulnerability in the processing of PNG files
can be exploited to cause a buffer overflow.

8) An error exists in the parsing of Office Art Property Tables,
which can be exploited to corrupt memory when a user opens a
specially crafted Office document.

Successful exploitation of these vulnerabilities allows execution of
arbitrary code.
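
Added illustration (not part of the Secunia advisory and not GDI+ code): the bug class in item 1, where an untrusted colour count is multiplied into an allocation size, shown next to a bounded version. The field offsets follow the standard 40-byte BITMAPINFOHEADER layout; the function names, the restriction to 1/4/8-bit images and the sample headers are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PALETTE_ENTRY_SIZE 4u   /* one RGBQUAD: blue, green, red, reserved */

/* Little-endian readers for a raw BITMAPINFOHEADER. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Bug class: the 32-bit product of an untrusted count wraps silently,
 * so the buffer sized from it is smaller than the data copied into it. */
uint32_t palette_bytes_unchecked(const uint8_t *hdr)
{
    uint32_t clr_used = rd32(hdr + 32);        /* biClrUsed */
    return clr_used * PALETTE_ENTRY_SIZE;      /* wraps modulo 2^32 */
}

/* Hardened: bound the count by the bit depth before multiplying.
 * Returns 0 and sets *out on success, -1 when the header is rejected. */
int palette_bytes_checked(const uint8_t *hdr, size_t hdr_len, size_t *out)
{
    if (hdr_len < 40 || rd32(hdr) < 40) return -1;       /* biSize */
    uint16_t bits = rd16(hdr + 14);                      /* biBitCount */
    uint32_t clr_used = rd32(hdr + 32);                  /* biClrUsed */
    if (bits != 1 && bits != 4 && bits != 8) return -1;  /* palettised only */
    uint32_t max_colours = 1u << bits;
    if (clr_used == 0) clr_used = max_colours;  /* 0 means full palette */
    if (clr_used > max_colours) return -1;      /* reject before sizing */
    *out = (size_t)clr_used * PALETTE_ENTRY_SIZE;   /* at most 1024 */
    return 0;
}

/* Builds a constructed sample header; not taken from any real file. */
void make_header(uint8_t hdr[40], uint16_t bits, uint32_t clr_used)
{
    memset(hdr, 0, 40);
    hdr[0] = 40;                                /* biSize */
    hdr[14] = (uint8_t)bits;                    /* biBitCount, low byte */
    hdr[15] = (uint8_t)(bits >> 8);
    for (int i = 0; i < 4; i++)                 /* biClrUsed */
        hdr[32 + i] = (uint8_t)(clr_used >> (8 * i));
}
```
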

SOLUTION:
Apply patches.

Windows XP SP2 / SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=e2acde20-a6d3-4135-b6eb-1214f743d474

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=ad92503a-8c91-4d73-98b0-942d7961637d

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=414466a4-39a0-476d-9a43-ae7674cbd6a0

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=eb95e8d9-6ef5-4526-99d2-507e50de049b
        
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=a678ceb9-a37a-4c29-8bd1-f209922990e5

Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=19aa01f3-026d-4264-85f8-216d0597969b
        
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=8f5f0c1d-1dd6-47fa-aef2-d3c96c8fc06e

Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=fd1694af-8873-43aa-9243-91f7cde452b7

Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=41bc4cdb-273a-4a6e-80d9-c8ce20e32da9

Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=a4f42085-1cb9-4b8d-a931-85be71fdf06d

Microsoft Windows 2000 SP4 (Microsoft Internet Explorer 6 SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=f3fef608-dafb-4b37-a65a-9cc4ae8e2c4c

Microsoft Windows 2000 SP4 (Microsoft .NET Framework 1.1 SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=ecf78619-80fa-417d-852b-1b5b2cf574e2

Microsoft Windows 2000 SP4 (Microsoft .NET Framework 2.0 SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3e534aa8-29c2-4379-9f57-931a6ff47418

Microsoft Windows 2000 SP4 (Microsoft .NET Framework 2.0 SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=e6f5e730-85cc-4c08-a50d-c456b1e9f5bc

Microsoft Office XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d

Microsoft Office 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7

2007 Microsoft Office System SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec

2007 Microsoft Office System SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec

Microsoft Office Project 2002 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d

Microsoft Office Visio 2002 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=920ee70b-c5c1-47b5-8f33-938ffe14eea4

Microsoft Office Word Viewer, Microsoft Word Viewer 2003 (optionally
with SP3), Microsoft Office Excel Viewer 2003 (optionally with SP3):
http://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7

Microsoft Office Excel Viewer, PowerPoint Viewer 2007 (optionally
with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec

PowerPoint Viewer 2007 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec

Microsoft Expression Web and Microsoft Expression Web 2:
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec

Microsoft Office Groove 2007 (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec

Microsoft Works 8.5:
http://www.microsoft.com/downloads/details.aspx?familyid=6f96de9a-62d8-428f-9567-51d55c129be6

SQL Server 2000 Reporting Services SP2 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=33554f96-5af7-4683-a537-9db293b67b8d

SQL Server 2005 SP2 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23

SQL Server 2005 SP2 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235

SQL Server 2005 x64 Edition SP2 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23

SQL Server 2005 x64 Edition SP2 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235

SQL Server 2005 for Itanium-based Systems SP2 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23

SQL Server 2005 for Itanium-based Systems SP2 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235

SQL Server 2005 SP3 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce

SQL Server 2005 SP3 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f

SQL Server 2005 x64 Edition SP3 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce

SQL Server 2005 x64 Edition SP3 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f

SQL Server 2005 for Itanium-based Systems SP3 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce

SQL Server 2005 for Itanium-based Systems SP3 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f

Microsoft Visual Studio .NET 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=9e3b52d3-b211-4d62-891c-ae8f2e4ffc6c

Microsoft Visual Studio 2005 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=e186aeed-e9d7-4a02-84b3-bbed116ca060

Microsoft Visual Studio 2008:
http://www.microsoft.com/downloads/details.aspx?familyid=4fa10c93-ce20-43df-a725-ef4c77353747

Microsoft Visual Studio 2008 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=b904dee8-8a26-43f8-8ca9-86ad12cfdb52

Microsoft Report Viewer 2005 SP1 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=0dfaf300-2b53-4678-a779-0d805ddfe538

Microsoft Report Viewer 2008 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=42ed040f-cf94-4754-b0b3-c8016fbcbe22

Microsoft Report Viewer 2008 Redistributable Package SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=6aaa74bd-a46e-4478-b4e1-2063d18d2d42

Microsoft Visual FoxPro 8.0 SP1 when installed on Microsoft Windows
2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=e5d0d515-4b36-4025-bc6f-1c5cdf09e1af

Microsoft Visual FoxPro 9.0 SP2 when installed on Microsoft Windows
2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=2a930f56-59ac-49a6-830f-bfae7c540ec7

Microsoft Platform SDK Redistributable - GDI+:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A

Microsoft Forefront Client Security 1.0 when installed on Microsoft
Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=c0ce624c-8df3-4223-8a7a-5cba4ac334a8

PROVIDED AND/OR DISCOVERED BY:
1) Carsten Eiram, Secunia Research

The vendor credits:
2) Yamata Li of Palo Alto Networks
3) Thomas Garnier of SkyRecon
4) Wushi of VeriSign iDefense Labs
5) Ivan Fratric of the Zero Day Initiative, Tavis Ormandy of Google
Inc., and Carlo Di Dato (aka shinnai)
7) Tavis Ormandy of Google Inc.
8) Marsu Pilami of VeriSign iDefense Labs

ORIGINAL ADVISORY:
MS09-062 (KB957488, KB958869, KB971108, KB971110, KB971111, KB974811,
KB972580, KB972581, KB975365, KB973636, KB970895, KB970892, KB970899,
KB970896, KB970894, KB971022, KB971023, KB972221, KB972222, KB971117,
KB971118, KB971119, KB971104, KB971105, KB975337, KB975962):
http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx
