Secunia Logo
 Vulnerability IntelligenceVulnerability ScanningBlog - new entry!Corporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Intelligence > Secunia Advisories > Microsoft Multiple Products JPEG Processing Buffer Overflow Vulnerability
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists & RSS
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About
 
Microsoft Multiple Products JPEG Processing Buffer Overflow Vulnerability
Secunia Advisory: SA12528
Advisory Toolbox:
Issue ticket
Save in to-do list
Mark as handled
Exploit information
Download as PDF
Review actions
Add comment
Release Date: 2004-09-14
Last Update: 2004-12-15
Popularity: 52,262 views

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

OS:Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Software:Microsoft .NET Framework 1.x
Microsoft Digital Image Pro 7.x
Microsoft Digital Image Pro 9.x
Microsoft Digital Image Suite 9.x
Microsoft Frontpage 2002
Microsoft Greetings 2002
Microsoft Internet Explorer 6.x
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office Project 2002
Microsoft Office XP
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Picture It! 2002
Microsoft Picture It! 7.x
Microsoft Picture It! 9.x
Microsoft PowerPoint 2002
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft Project 2003
Microsoft Publisher 2002
Microsoft Visio 2002
Microsoft Visio 2003
Microsoft Visual FoxPro 8.x
Microsoft Visual Studio .NET 2002
Microsoft Visual Studio .NET 2003
Microsoft Word 2002
Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2004-0200
Description:
Nick DeBaggis has reported a vulnerability in multiple Microsoft products, which can be exploited by malicious people to compromise a user's system.

The vulnerability in caused due to a boundary error within the GDI+ JPEG Parsing component (Gdiplus.dll). This can be exploited to cause a buffer overflow by tricking a user into viewing a specially crafted JPEG image with any application using the vulnerable component for JPEG image processing.

Successful exploitation allows execution of arbitrary code with the privileges of the user.

The following products are affected:
* Microsoft Windows XP and Microsoft Windows XP Service Pack 1
* Microsoft Windows XP 64-Bit Edition Service Pack 1
* Microsoft Windows XP 64-Bit Edition Version 2003
* Microsoft Windows Server 2003
* Microsoft Windows Server 2003 64-Bit Edition
* Microsoft Office XP Service Pack 3
* Microsoft Office 2003
* Microsoft Project 2002 Service Pack 1 (all versions)
* Microsoft Project 2003 (all versions)
* Microsoft Visio 2002 Service Pack 2 (all versions)
* Microsoft Visio 2003 (all versions)
* Microsoft Visual Studio .NET 2002
* Microsoft Visual Studio .NET 2003
* Microsoft .NET Framework version 1.0 SDK Service Pack 2
* Microsoft Picture It! 2002 (all versions)
* Microsoft Greetings 2002
* Microsoft Picture It! version 7.0 (all versions)
* Microsoft Digital Image Pro version 7.0
* Microsoft Picture It! version 9 (all versions, including Picture It! Library)
* Microsoft Digital Image Pro version 9
* Microsoft Digital Image Suite version 9
* Microsoft Producer for Microsoft Office PowerPoint (all versions)
* Microsoft Platform SDK Redistributable: GDI+
* Internet Explorer 6 Service Pack 1
* Microsoft .NET Framework version 1.0 Service Pack 2
* Microsoft .NET Framework version 1.1
* Microsoft Visual FoxPro 8.0
* Microsoft Visual FoxPro 8.0 Runtime Library

NOTE: Office 2003 Service Pack 1, Visio 2003 Service Pack 1, and Project 2003 Service Pack 1 are NOT affected. Also note that Windows XP Service Pack 2 is NOT vulnerable, but systems running this version may still be affected if a vulnerable Office, Visio, or Project application is installed.

NOTE: Systems may also still be vulnerable if an installed third party application has installed the vulnerable component and uses it for JPEG image processing.

Solution:
Microsoft has issued patches (see original vendor advisory).

Provided and/or discovered by:
Nick DeBaggis

Changelog:
2004-09-15: Added link to US-CERT vulnerability note.
2004-12-15: Vendor issues security updates for Microsoft .NET Framework version 1.0 Service Pack 2, Microsoft .NET Framework version 1.1, Visual FoxPro 8.0, and Visual FoxPro 8.0 Runtime Library.

Original Advisory:
MS04-028 (KB833987):
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

Other References:
KB article describing a tool, which can identify vulnerable components on a system:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;873374

US-CERT VU#297462:
http://www.kb.cert.org/vuls/id/297462

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

20th Nov, 2008
New advisories: 24
New vulnerabilities: 48
Updated advisories: 34

Highly // 322 views
Alex Multiple Products File Upload Vulnerability
Moderately // 312 views
ClipShare "chid" SQL Injection Vulnerability
Moderately // 309 views
MauryCMS "c" SQL Injection Vulnerability
Less // 342 views
MyTopix "send" SQL Injection Vulnerability
Less // 358 views
MailScanner "trend-autoupdate" Insecure Temporary Files
Not // 330 views
P3nfs Insecure Temporary Files
Less // 365 views
pam_mount "passwdehd" Insecure Temporary Files
Less // 349 views
refbase "headerMsg" Cross-Site Scripting Vulnerability
Highly // 429 views
imlib2 XPM Processing Buffer Overflow Vulnerability
Less // 353 views
SystemImager "si_mkbootserver" Insecure Temporary Files

Solutions | More...  

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. ClipShare "chid" SQL Injection Vulnerability // 36 views
2. MauryCMS "c" SQL Injection Vulnerability // 33 views
3. MyTopix "send" SQL Injection Vulnerability // 33 views
4. Alex Multiple Products File Upload Vulnerability // 33 views
5. Symantec Backup Exec for Windows Servers Multiple Vulnerabilities // 32 views
6. HP OpenView Network Node Manager Cross-Site Scripting Vulnerabilities // 30 views
7. pam_mount "passwdehd" Insecure Temporary Files // 27 views
8. MailScanner "trend-autoupdate" Insecure Temporary Files // 24 views
9. P3nfs Insecure Temporary Files // 23 views
10. imlib2 XPM Processing Buffer Overflow Vulnerability // 22 views



Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2008