---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Paint JPEG Parsing Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA36634 VERIFY ADVISORY: http://secunia.com/advisories/36634/ DESCRIPTION: Tielei Wang has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error in Microsoft Paint when parsing certain image content. This can be exploited to cause a heap-based buffer overflow by tricking a user into viewing a specially crafted JPEG image. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply patches. Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=e5861705-8f49-45cb-8a92-cf052ccf4134 Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?familyid=b2e70df6-7728-4fc3-8df7-8ddb9ba5202f Windows XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=f8c4acc8-c2f4-41f7-9b32-e7bd791e0155 Windows Server 2003 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=c1efbe73-fc87-4e6a-8b36-81f125a27aec Windows Server 2003 x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=9143e435-f0d6-464b-9273-4d1f38f8ff3a Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=ee603435-26af-4ab9-9f22-92734346dc0a PROVIDED AND/OR DISCOVERED BY: Tielei Wang of ICST-ERCIS (Engineering Research Center of Info Security, Institute of Computer Science & Technology, Peking University/China), reported via Secunia. ORIGINAL ADVISORY: MS10-005 (KB978706): http://www.microsoft.com/technet/security/Bulletin/MS10-005.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------