
Re: [Full-Disclosure] Windows XP explorer.exe heap overflow



> WinXP SP1 (fully patched) german is vuln to AN00010_.wmf
> explorer.exe hogs 100% cpu speed.
> tom

I can confirm that my WinXP SP1 (ITALIAN), fully patched
except for these two updates:

    KB832894 - MS04-004 (%01 vuln in URL string)
    KB828028 - MS04-007 (ASN.1 library bug)

is vuln. to malformed EMF and WMF files.

EXPLORER.EXE goes to 99% CPU usage during preview/rendering of malformed
images.

I've tried attaching a .WMF to a mail message, and Outlook Express
is also vuln.; when the user receives an email message, OE tries to display a
preview of the images and hangs. Killing OE does not cause any problem for EXPLORER.EXE.

EF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html