----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Microsoft Windows GDI Image Parsing Vulnerabilities

SECUNIA ADVISORY ID:
SA33020

VERIFY ADVISORY:
http://secunia.com/advisories/33020/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

OPERATING SYSTEM:
Microsoft Windows Storage Server 2003
http://secunia.com/advisories/product/12399/
Microsoft Windows XP Professional
http://secunia.com/advisories/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/advisories/product/16/
Microsoft Windows Vista
http://secunia.com/advisories/product/13223/
Microsoft Windows Server 2008
http://secunia.com/advisories/product/18255/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/advisories/product/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/advisories/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/advisories/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/advisories/product/1175/
Microsoft Windows 2000 Server
http://secunia.com/advisories/product/20/
Microsoft Windows 2000 Professional
http://secunia.com/advisories/product/1/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/advisories/product/1177/
Microsoft Windows 2000 Advanced Server
http://secunia.com/advisories/product/21/

DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Windows, which
can be exploited by malicious people to potentially compromise a
vulnerable system.

1) An overflow error in GDI when processing headers in Windows
Metafile (WMF) files can be exploited to cause a buffer overflow via
a specially crafted WMF file.

2) An error exists in the the way the GDI handles file size
parameters in WMF files. This can be exploited to cause a heap-based
buffer overflow via a specially crafted WMF file.

Successful exploitation of these vulnerabilities may allow execution
of arbitrary code.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=3B775FB1-1077-455D-AF4A-4CCB5237974F

Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=2151FBBA-C464-4D1E-82D4-5B096E82BED0

Windows XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=2151FBBA-C464-4D1E-82D4-5B096E82BED0

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=2247F6A5-AA33-4C68-9EA8-A63488D126D3

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=0C396796-0929-4CD2-99E8-3C0F7075A89E

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=6D5C7D2F-1A82-4CDF-B3F2-B2C2390C6A64

Windows Server 2003 with SP1 for Itanium-based Systems (optionally
with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=1EDB62B4-3D0F-4891-B4B3-8F8BC4E7BDFE

Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=CDDF9CF6-BDEB-4429-823A-879387A428D7

Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=73DC3775-B6F0-40F1-BD36-6B5FB80EB2FA

Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=BBED9E8B-E75E-44EF-BA1D-FD6F852C1F67

Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=48AECF4C-1296-490D-BA37-A28E3EC19BD6

Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=9BFE15CD-02FF-45CF-85C8-5FF1E6C1A871

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Jun Mao, VeriSign iDefense Labs.
2) The vendor credits Juan Caballero.

ORIGINAL ADVISORY:
MS08-071 (KB956802):
http://www.microsoft.com/technet/security/Bulletin/MS08-071.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------