---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Microsoft Windows GDI Image Parsing Buffer Overflows SECUNIA ADVISORY ID: SA29704 VERIFY ADVISORY: http://secunia.com/advisories/29704/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows Vista http://secunia.com/product/13223/ Microsoft Windows Storage Server 2003 http://secunia.com/product/12399/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ Microsoft Windows Server 2008 http://secunia.com/product/18255/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. 1) An error in the way GDI (Graphics Device Interface) handles integer calculations when processing image file headers can be exploited to cause a heap-based buffer overflow via a specially crafted EMF or WMF image file. 2) A boundary error in GDI when handling filename parameters in EMF files can be exploited to cause a stack-based buffer overflow via a specially crafted EMF file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=caac000a-22b6-48cb-aa00-1a0bfe886de2 Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?familyid=c2763dd8-a03e-4a48-aa86-a7ec00250a7a Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=166f2ab5-913c-47a9-86fe-b814797b751e Windows Server 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?familyid=bee91d80-d49a-4d3d-82d6-d5aa63f54979 Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=e3dde449-e062-4ce0-a9f4-433bff23e224 Windows Server 2003 with SP1/SP2 for Itanium-based systems: http://www.microsoft.com/downloads/details.aspx?familyid=7886a802-f2b5-489c-b14b-631f4c4c0742 Windows Vista (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?familyid=9b51deb8-3873-4146-977f-7e3d0840a4c5 Windows Vista x64 Edition (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?familyid=4ad6dcd1-6ea5-43bf-8bee-a5f507beadc6 Windows Server 2008 for 32-bit systems: http://www.microsoft.com/downloads/details.aspx?familyid=006d5c47-53e6-4ee1-932c-497611804938 Windows Server 2008 for x64-based systems: http://www.microsoft.com/downloads/details.aspx?familyid=8909f144-655b-4f07-916f-fd967f1efb2b Windows Server 2008 for Itanium-based systems: http://www.microsoft.com/downloads/details.aspx?familyid=b7771a4a-4e4f-48d1-8551-bb8b778ca5a7 PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits: * Jun Mao, iDefense Labs. * Sebastian Apelt, Zero Day Initiative. * Thomas Garnier, SkyRecon. 2) Yamata Li ORIGINAL ADVISORY: MS08-021 (KB948590): http://www.microsoft.com/technet/security/Bulletin/MS08-021.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------