
Copyright © 2008 SecPod, All rights reserved.
info@secpod.com

SecPod ID: 10089

Microsoft Windows GDI Image Parsing Vulnerability

Status: Public Report

Release Date: 10-12-2008

Severity: High

CVSS Base Score: 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)

CVSS Temporal Score = 6.9  

Affected Software/OS/Device:

- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
- Microsoft Windows Vista
- Microsoft Windows Storage Server 2003

Impact Level: Application

OpenVAS Plugin ID: 900059

Snort Signature ID:

OVAL ID:

 

Vulnerability Insight:

 

Overview:

Microsoft Windows GDI is prone to multiple vulnerabilities.

 

Description:

The flaws are due to:

- An overflow error in GDI when processing headers in Windows Metafile (WMF) files, which can cause a buffer overflow through a specially crafted WMF file.

- An error in the way GDI handles file size parameters in WMF files, which can cause a heap-based overflow through a specially crafted WMF file.
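
Added example, not part of the SecPod advisory or of any vendor code: a generic consistency check that compares the size fields declared in a WMF header and record stream with the bytes actually present, following the published META_HEADER and record layout. It does not detect the specific flaws described above. The function names, messages and sample bytes are constructed, and it assumes the header Size field does not count the optional placeable header.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # optional 22-byte placeable header (assumed not counted in Size)
# Type, HeaderSize, Version, Size, NumberOfObjects, MaxRecord, NumberOfMembers
META_HEADER = struct.Struct("<HHHIHIH")

def check_wmf(data: bytes) -> list:
    """Return a list of mismatches between declared WMF sizes and the bytes present."""
    off = 22 if data[:4] == struct.pack("<I", PLACEABLE_KEY) else 0
    if len(data) < off + META_HEADER.size:
        return ["truncated: no complete META_HEADER"]
    ftype, hdr_words, _ver, size_words, _nobj, max_rec, _ = META_HEADER.unpack_from(data, off)
    issues = []
    if ftype not in (1, 2):  # memory or disk metafile
        issues.append(f"unexpected Type {ftype:#06x}")
    if hdr_words != 9:
        issues.append(f"HeaderSize is {hdr_words} words, expected 9")
    if size_words * 2 > len(data) - off:  # Size is counted in 16-bit words
        issues.append("declared Size exceeds bytes present")
    pos, largest, saw_eof = off + META_HEADER.size, 0, False
    while pos + 6 <= len(data):  # each record: 4-byte size in words, 2-byte function
        rec_words, func = struct.unpack_from("<IH", data, pos)
        if rec_words < 3 or pos + rec_words * 2 > len(data):
            issues.append(f"record at offset {pos}: RecordSize {rec_words} words is out of bounds")
            return issues
        largest = max(largest, rec_words)
        pos += rec_words * 2
        if func == 0x0000:  # META_EOF ends the record stream
            saw_eof = True
            break
    if not saw_eof:
        issues.append("no META_EOF record before end of data")
    if largest > max_rec:
        issues.append(f"largest record ({largest} words) exceeds MaxRecord ({max_rec})")
    return issues

def build_sample(size_words: int, rec_words: int) -> bytes:
    """Constructed sample: a META_HEADER followed by one 6-byte META_EOF-shaped record."""
    return META_HEADER.pack(1, 9, 0x0300, size_words, 0, 3, 0) + struct.pack("<IH", rec_words, 0)

GOOD = build_sample(12, 3)             # 9 header words + 3 record words = 24 bytes
BAD_SIZE = build_sample(0x4000, 3)     # header claims far more data than exists
BAD_RECORD = build_sample(12, 0x4000)  # record claims to extend past the buffer

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("bad size", BAD_SIZE), ("bad record", BAD_RECORD)):
        print(name, check_wmf(blob))
```
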

 

Impact:

Successful exploitation will let an attacker execute arbitrary code in the context of the crafted WMF file and compromise a vulnerable system.

 

CVSS Score Report:    

    ACCESS_VECTOR = NETWORK
    ACCESS_COMPLEXITY = MEDIUM
    AUTHENTICATION = NOT_REQUIRED
    CONFIDENTIALITY_IMPACT = COMPLETE
    INTEGRITY_IMPACT = COMPLETE
    AVAILABILITY_IMPACT = COMPLETE
    EXPLOITABILITY = UNPROVEN
    REMEDIATION_LEVEL = OFFICIAL_FIX
    REPORT_CONFIDENCE = CONFIRMED
    CVSS Base Score = 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
    CVSS Temporal Score = 6.9
    Risk factor = High

 

Fix:

No solution or patch was available as of 10th December 2008. For further updates, refer to:
http://www.microsoft.com/technet/security/advisory/960906.mspx

 

References:
http://secunia.com/advisories/32997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4841

 

 

 

 

 

 
