CERT-In Vulnerability Note
CIVN-2008-0184
Multiple Vulnerabilities in Microsoft Windows GDI
Original Issue Date: December 11, 2008
Severity Rating: HIGH
Systems Affected
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista and Windows Vista Service Pack 1
- Windows Vista x64 Edition
- Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for Itanium-based Systems
Overview
Multiple vulnerabilities have been reported in the Microsoft Windows Graphics Device Interface (GDI) which could allow remote code execution with the privileges of the current user and could provide complete control of an affected system.
Description
1. GDI Integer Overflow Vulnerability (CVE-2008-2249)
An integer overflow vulnerability has been reported in Microsoft Windows GDI. It occurs when the Windows GDI handler calculates the buffer length while processing Windows Metafile (WMF) image files. The calculation overflows, and an undersized heap buffer is allocated to the application. An attacker could exploit this vulnerability by convincing users to view a specially crafted WMF image file, or by sending crafted WMF files as an e-mail attachment.
2. GDI Heap Overflow Vulnerability (CVE-2008-3465)
This is an integer overflow vulnerability caused when the Microsoft Windows GDI handler fails to properly check file size parameters in WMF image files, which results in a heap-based buffer overflow. An attacker could exploit this vulnerability by convincing users to view a specially crafted WMF image file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code with the privileges of the currently logged-in user and take complete control of an affected system.
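Both issues above come down to trusting a size field read from the WMF file. The following added example (not Microsoft's GDI code and not part of the original note) shows the bug class as a wrapping 32-bit length calculation beside a bounds-checked one, then applies the check to every record in a buffer. It assumes the published WMF layout of an 18-byte header followed by records that begin with a 32-bit size counted in 16-bit words; all function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define WMF_HEADER_BYTES 18u   /* assumed standard metafile header: 9 words */
#define WMF_MIN_REC_WORDS 3u   /* 32-bit size + 16-bit function number */

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Bug class: a word count doubled in 32 bits wraps, so 0x80000001 words
 * yields a 2-byte length and an undersized allocation. */
uint32_t bytes_unchecked(uint32_t words) { return words * 2u; }

/* Hardened: compare the count against the bytes actually left before
 * multiplying, so the product can neither wrap nor exceed the file. */
int bytes_checked(uint32_t words, size_t remaining, size_t *out) {
    if (words < WMF_MIN_REC_WORDS) return -1;
    if (words > remaining / 2) return -1;
    *out = (size_t)words * 2;
    return 0;
}

/* Walk every record; return the record count, or -1 on a bad size.
 * Header fields are skipped here, not validated. */
int wmf_count_records(const uint8_t *buf, size_t len) {
    size_t off = WMF_HEADER_BYTES, rec;
    int n = 0;
    if (len < WMF_HEADER_BYTES) return -1;
    while (len - off >= 6) {
        if (bytes_checked(rd32le(buf + off), len - off, &rec) != 0) return -1;
        off += rec;
        n++;
    }
    return off == len ? n : -1;
}

/* Constructed samples (not from any real file): header bytes zeroed. */
const uint8_t sample_ok[24]  = { [18] = 0x03 };               /* one 3-word record */
const uint8_t sample_bad[24] = { [18] = 0x01, [21] = 0x80 };  /* size 0x80000001 */

int main(void) {
    return wmf_count_records(sample_ok, sizeof sample_ok) == 1 ? 0 : 1;
}
```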
Workaround
- Turn off metafile processing by modifying the registry
- Read E-mail in Plain Text
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin MS08-071
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/Bulletin/ms08-071.mspx
References
Microsoft
http://www.microsoft.com/technet/security/Bulletin/ms08-071.mspx
http://support.microsoft.com/kb/959070
iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=762
CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=17150
http://tools.cisco.com/security/center/viewAlert.x?alertId=17157
SecurityTracker
http://www.securitytracker.com/alerts/2008/Dec/1021365.html
Secunia
http://secunia.com/advisories/33020/
CVE Name
CVE-2008-2249
CVE-2008-3465
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-2436857
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India