|
Microsoft Windows Enhanced/Windows Metafile Handling Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA10968
|
|
|
Release Date:
|
2004-02-25
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Privilege escalation
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| OS: | Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
|
|
|
|
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released! |
|
|
Description:
A vulnerability has been reported in Windows XP, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to boundary errors (possibly in "shimgvw.dll") when processing Enhanced Metafiles (".emf"). The problem is that memory is allocated based on size information in the file's header.
This can be exploited to cause heap overflows by specifying a "Size" field, which is smaller (e.g. 1 byte) than the actual size of the file and header. The vulnerability will be triggered by either viewing a malicious file or by navigating to a directory, which contains a malicious file and displays it as a thumbnail.
Successful exploitation crashes "explorer.exe" but may reportedly also allow execution of arbitrary code.
NOTE: Windows Metafiles (".wmf") with malformed "Size" fields will also impact functionality somewhat by consuming 99% CPU resources.
Solution:
Grant only trusted users access to affected systems. Don't view untrusted ".emf" files. Don't display the contents of directories as thumbnails.
Provided and/or discovered by:
Jellytop
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
225 Related Secunia Security Advisories, displaying 10
|
|
|
1. Microsoft Windows DNS Spoofing Vulnerabilities
|
|
2. Microsoft Windows Pragmatic General Multicast Denial of Service
|
|
3. Microsoft Windows Active Directory LDAP Request Processing Denial of Service
|
|
4. Microsoft DirectX MJPEG/SAMI File Processing Vulnerabilities
|
|
5. Microsoft Windows Speech Recognition Security Issue
|
|
6. Apple Safari on Windows Code Execution Vulnerability
|
|
7. Microsoft Windows XP I2O Utility Filter Driver Privilege Escalation
|
|
8. Microsoft Windows Bluetooth SDP Packet Processing Vulnerability
|
|
9. Microsoft Windows Privilege Escalation Vulnerability
|
|
10. Microsoft Windows Kernel Privilege Escalation Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
