Windows$B%a%?%U%!%$%k(B SetPalette$B%(%s%H%j%R!<(B$B%W%*!<%P!<%U%m!<@H<e@-(B

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Windows$B%a%?%U%!%$%k(B SetPalette$B%(%s%H%j%R!<(B$B%W%*!<%P!<%U%m!<@H
To: bugtraq-jp@xxxxxxxxxxxxxxxxx
Subject: Windows$B%a%?%U%!%$%k(B SetPalette$B%(%s%H%j%R!<(B$B%W%*!<%P!<%U%m!<@H
From: Akiko Takahashi <takahashi.akiko@xxxxxxxxx>
Date: Wed, 09 Nov 2005 07:35:30 +0900
Windows$B%a%?%U%!%$%k(B SetPalette$B%(%s%H%j%R!<%W%*!<%P!<%U%m!<@Hhttp://www.eeye.com/html/research/advisories/AD20051108a.html
(B
$B%j%j!<%9F|(B:
(BNovember 8, 2005
(B
$BJs9pF|(B: 
(BSeptember 1, 2005
(B
$B%Q%C%A3+H/4|4V(B: 68$BF|(B
(B
$B%j%9%/%l%Y%k(B: 
$B9b(B ($B%3!<%I]%7%9%F%`(B:
(BWindows NT 4
(BWindows 2000
(BWindows XP SP0, SP1
(BWindows Server 2003 SP0
(B
(BeEye ID#:  EEYEB-20050901
(BOSVDB ID#: 
(BCVE #:  CAN-2005-2123
(B
$B35MW(B:
(BeEye Digital Security$B$O!"(BWindows Graphical Device Interface (GDI)$B$N(B
(BWindows$B%a%?%U%!%$%k(B(.WMF)$B7A<0$N2hA|%U%!%$%k$N=hM}J}K!$K@H\:Y>pJs(B:
(BGDI32.DLL$B$K4^$^$l$k(BWindows$B%a%?%U%!%$%kIA2hMQ%3!<%I$N(B"SetPaletteEntries"
$B7?%l%3!<%I$r=hM}$9$k!"(BPlayMetaFileRecord$B4X?t(B(36h$B5Z$S(B37h)$B$K@0?t%*!<%P!<%U(B
$B%m!<@Hl9g!"2<5-$N(B
$B%3!<%I$K$F@0?t%*!<%P!<%U%m!<$,H/@8$7$^$9!#%l%3!<%ID9%U%#!<%k%I$N@5Ev@-%A%'%C(B
$B%/$,E,@Z$K$J$5$l$F$$$J$$$?$a!"IT==J,$J%R!<%W%V%m%C%/$r3d$jEv$F$5$;$k$3$H(B
$B$,;v$,2DG=$H$J$j$^$9!#(B
(B
(B    77F5BC38    mov     eax, [ebx]         ; $B%l%3!<%ID9(B
(B    77F5BC3A    lea     eax, [eax+eax+2]   ; *** $B@0?t%*!<%P!<%U%m!<(B ***
(B    77F5BC3E    push    eax
(B    77F5BC3F    push    edi
(B    77F5BC40    call    ds:LocalAlloc
(B     ...
(B    77F5BC51    mov     ecx, [ebx]         ; $B%l%3!<%ID9(B
(B    77F5BC53    add     eax, 2
(B    77F5BC56    shl     ecx, 1             ; $B%3%T!<%5%$%:(B != $B3d$jEv$F%5%$%:(B
(B    77F5BC58    mov     edx, ecx           ; $BFbIt(B memcpy() $B3+;O(B
(B    77F5BC5A    mov     esi, ebx
(B    77F5BC5C    mov     edi, eax
(B    77F5BC5E    shr     ecx, 2
(B    77F5BC61    rep movsd
(B    77F5BC63    mov     ecx, edx
(B    77F5BC65    and     ecx, 3
(B     ...
(B    77F5BC6D    rep movsb
(B
$B%3%T!]$H$J$j$^$9$,!"%a%b%j3d$jEv$FD9$,(B"
$B%l%3!<%ID9(B(=$B%3%T!o$K>.$5$/!"(B
$B%3%T!o$KBg$-$/$9$k;v$,2DG=$G$9!#7k2L$H$7$F%a%?%U%!%$%kCf$NG$0U$N(B
$B%P%$%J%j%G!<%?$G!"40A4$K%R!<%W$r>e=q$-$9$k;v$,2DG=$H$J$j$^$9!#(B
(B
$BBP1~%=%U%H%&%'%">pJs(B:
(BRetina - $B%M%C%H%o!<%/@Hu67(B:
(BMicrosoft$Bhttp://www.microsoft.com/technet/security/bulletin/MS05-053.mspx
(B
$B%/%l%8%C%H(B:
$BH/8+=;R(B ($B=;>&>pJs%7%9%F%`3t<02qpJs(B:
(BRetina Network Security Scanner - $BI>2AHG(B($BF|K\8lHG(B)
(B - https://sec.sse.co.jp/eeye/freedl.html
(BBlink Endpoint Vulnerability Prevention - $BI>2AHG(B($B1Q8lHG(B)
(B - http://www.eeye.com/html/products/blink/download/index.html
(B
(B
$BK\(BAdvisory$B$O!"=;>&>pJs%7%9%F%`3t<02qe$GK]Lu$7$F$*$j$^$9!#(B
(BSCS$B$OK\OBLu$,@53N$J>pJs$K$J$k$h$&EX$a$5$;$FD:$-$^$9!#$7$+$7$J$,$i!"@53N(B
$B@-!"40A4@-!"?.Mj@-!"0BA4@-Ey$K4X$7$F!"$$$+$J$k@UG$$bIi$o$J$$$3$H$HCW$7$^(B
$B$9!#(B
(B
(B
(BCopyright (c) 1998-2005 eEye Digital Security
(BPermission is hereby granted for the redistribution of this alert
(Belectronically. It is not to be edited in any way without express
(Bconsent of eEye.  If you wish to reprint the whole or any part of this
(Balert in any other medium excluding electronic medium, please email
(Balert@xxxxxxxx for permission.
(B
(BDisclaimer
(BThe information within this paper may change without notice. Use of this
(Binformation constitutes acceptance for use in an AS IS condition.  There
(Bare no warranties, implied or express, with regard to this information.
(BIn no event shall the author be liable for any direct or indirect
(Bdamages whatsoever arising out of or in connection with the use or
(Bspread of this information.  Any use of this information is at the
(Buser's own risk.
(B
(B
(B----------------------------------------
(B  $B9b66(B $B>=;R(B <takahashi.akiko@xxxxxxxxx>
(B  $B=;>&>pJs%7%9%F%`3t<02q




Follow-Ups:

Re: Windows$B%a%?%U%!%$%k(B SetPalette$B%(%s%H%j%R!<%W%*!<%P!<%U%m!<@H
From: IIJIMA Hiromitsu







Prev by Date:
Macromedia Flash Player$BIT@5%a%b%j%"%/%;(B$B%9@H

Next by Date:
Re: Windows$B%a%?%U%!%$%k(B SetPalette$B%(%s%H%j%R!<%W%*!<%P!<%U%m!<@H

Previous by thread:
Macromedia Flash Player$BIT@5%a%b%j%"%/%;(B$B%9@H

Next by thread:
Re: Windows$B%a%?%U%!%$%k(B SetPalette$B%(%s%H%j%R!<%W%*!<%P!<%U%m!<@H

Index(es):

Date
Thread