[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Assurent VR - Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow
- To: full-disclosure@xxxxxxxxxxxxxxxxx;bugtraq@xxxxxxxxxxxxxxxxx;
- Subject: [Full-disclosure] Assurent VR - Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow
- From: VR-Subscription-noreply@xxxxxxxxxxxx
- Date: Tue, 9 Sep 2008 13:30:34 -0400 (EDT)
Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow
Assurent ID: FSC20080909-12
1. Affected Software
Digital Image Suite 2006
Forefront Client Security 1.0
Microsoft Office 2003 SP2, SP3
Microsoft Office PowerPoint Viewer 2003
Microsoft Windows XP prior to SP3
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Works 8
Reference: http://www.microsoft.com/
2. Vulnerability Summary
A vulnerability has been discovered in the Graphics Rendering Engine (GRE)
component of Microsoft Windows. Specifically this vulnerability is exposed by
the Microsoft Windows GDI+ subsystem. The vulnerability is created by an error
in parsing certain Windows Metafile (WMF) files, a standard image file format
used by many commonly-used software applications.
3. Vulnerability Analysis
A remote attacker may exploit the vulnerability by sending a malicious WMF file
to the target system and enticing the target user to view or preview it. A
successful code execution attempt will result in arbitrary code to be executed
within the security privileges of the currently logged in user. An unsuccessful
attack attempt will result in abnormal termination of the program used for
opening the malicious file.
Applications affected by this vulnerability include Windows Explorer, Internet
Explorer, Microsoft Paint, Windows Picture and Fax Viewer, and various
Microsoft Office products. Note that the vulnerable file may be embedded inside
other formats in the form of OLE objects, allowing the malicious file to appear
as RTF files, Microsoft Office documents, or other formats.
4. Vulnerability Detection
Assurent has confirmed the vulnerability in:
Digital Image Suite 2006
Forefront Client Security 1
Microsoft Office 2003 SP2, SP3
Microsoft Office PowerPoint Viewer 2003
Microsoft Windows XP prior to SP3
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Works 8
5. Workaround
Apply the vendor patch, remove file associations to WMF files to avoid opening
them, disable thumbnail previews while browsing files, or block the downloading
of WMF resources from untrusted networks.
6. Vendor Response
Microsoft has released a bulletin addressing this vulnerability.
Reference: http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx
7. Disclosure Timeline
2007-03-20 Reported to vendor
2007-03-22 Initial vendor response
2008-09-09 Coordinated public disclosure
8. Credits
Vulnerability Research Team, Assurent Secure Technologies, a TELUS company
9. References
CVE: CVE-2008-3014
Vendor: MS08-052
10. About Assurent VRS
Assurent's Vulnerability Research Service (VRS) for security product vendors,
and Threat Protection Programs (TPP) for MSPs and enterprise security teams,
help to eliminate the significant costs incurred by security product vendors,
MSPs, and enterprise security teams in responding to and managing critical new
security vulnerabilities and other threats including worm & virus outbreaks and
other malware. The VRS and TPP services are real-time feeds providing
subscribers with detailed analysis of the top security vulnerabilities, focused
on the specific needs of each group of customers.
http://www.assurent.com/index.php?id=17
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/