|
|
|
Microsoft Products GDI+ Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA31675
|
|
|
Release Date:
|
2008-09-09
|
|
Last Update:
|
2009-03-11
|
|
Popularity:
|
13,225 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
|
| | Software: | Microsoft .NET Framework 1.x
Microsoft .NET Framework 2.x
Microsoft Digital Image 2006 11.x
Microsoft Expression Web 1.x
Microsoft Expression Web 2.x
Microsoft Forefront Client Security 1.x
Microsoft Internet Explorer 6.x
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel Viewer 2003
Microsoft Office Groove 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office PowerPoint Viewer 2007
Microsoft Office Project 2002
Microsoft Office Word Viewer
Microsoft Office Word Viewer 2003
Microsoft Office XP
Microsoft Platform SDK Redistributable: GDI+
Microsoft Report Viewer 2005
Microsoft Report Viewer 2008
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition 3.x
Microsoft SQL Server 2005 Express Edition
Microsoft Visio 2002
Microsoft Visio 2003 Viewer
Microsoft Visio 2007 Viewer
Microsoft Visual FoxPro 8.x
Microsoft Visual FoxPro 9.x
Microsoft Visual Studio .NET 2002
Microsoft Visual Studio .NET 2003
Microsoft Visual Studio 2005
Microsoft Visual Studio 2008
Microsoft Works 8.x
SQL Server 2000 Reporting Services
|
|
|
Binary Analysis:
|
BA571 :: Available for 1 Credit 
BA565 :: Available for 1 Credit
BA558 :: Available for 1 Credit
BA577 :: Available for 1 Credit
BA566 :: Available for 1 Credit
BA567 :: Available for 1 Credit
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 2 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Solution:
Apply patches.
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/de...=e0bd6fbe-f46e-4961-9a79-49ec77d39439
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=c5d26771-1f49-4bbf-902c-bf92e527cadb
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=ac03f138-eca4-46e1-9782-e811820e547f
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=93f1451b-5b62-47e5-8f0c-b720b957999a
Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/de...=14e99f8a-cdd4-40d7-8cfc-73ae6bd6dfad
Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/de...=16f3ad21-ed77-4c32-93df-3b650b2b32a5
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/de...=aa47d016-f5c9-4586-8876-f1f4f255f54d
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/de...=23bd3be5-cc66-46f8-9420-49d65d8afe1d
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/de...=7f1e0f05-6c9d-4ad1-9b19-50ee4fa7bd7e
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/de...=5159bdba-3825-4816-a2be-ab035332b9e2
Internet Explorer 6 SP1 (Windows 2000 SP4):
http://www.microsoft.com/downloads/de...=a860d2d9-653d-4ddb-bbff-323d3ccdb866
Microsoft .NET Framework 1.0 SP3 (Windows 2000 SP4):
http://www.microsoft.com/downloads/de...=C7CBCD19-ACC1-4A89-ADFA-99B2F431510D
Microsoft .NET Framework 1.1 SP1 (Windows 2000 SP4):
http://www.microsoft.com/downloads/de...=6013F866-3EA1-4672-B1BF-E516204C3A7A
Microsoft .NET Framework 2.0 (Windows 2000 SP4):
http://www.microsoft.com/downloads/de...=7F1CD013-2C4B-4582-9114-CB840A96124A
Microsoft .NET Framework 2.0 SP1 (Windows 2000 SP4):
http://www.microsoft.com/downloads/de...=215B73A3-46AB-44A8-A0FB-6D37BD1C39B8
Microsoft Office XP SP3:
http://www.microsoft.com/downloads/de...=ef3de64c-fc17-4500-9da4-a3bba97fda6d
Microsoft Office 2003 SP2:
http://www.microsoft.com/downloads/de...=e9f8e309-d721-4bab-b485-5eede8d49eb8
Microsoft Office 2003 SP3:
http://www.microsoft.com/downloads/de...=e9f8e309-d721-4bab-b485-5eede8d49eb8
2007 Microsoft Office System:
http://www.microsoft.com/downloads/de...=4b656fe8-6253-490c-a81a-e4e8f0bb58d2
2007 Microsoft Office System SP1:
http://www.microsoft.com/downloads/de...=4b656fe8-6253-490c-a81a-e4e8f0bb58d2
Microsoft Visio 2002 SP2:
http://www.microsoft.com/downloads/de...=a6d9d3ef-f087-4f61-9ec1-522b7d4b9c48
Microsoft Office PowerPoint Viewer 2003:
http://www.microsoft.com/downloads/de...=cd503f08-1831-45ff-bdf4-dd918ca40505
Microsoft Works 8:
http://www.microsoft.com/downloads/de...=EB0D224E-A517-40D9-9FC6-2345FA12A841
Microsoft Digital Image Suite 2006:
http://www.microsoft.com/downloads/de...=04afd760-8173-4069-9e82-d3bf053d9eae
SQL Server 2000 Reporting Services SP2 (QFE):
http://www.microsoft.com/downloads/de...=5F9E7F78-7439-414B-A9DC-A779B89427DB
SQL Server 2005 SP2 (GDR):
http://www.microsoft.com/downloads/de...=4603C722-2468-4ADB-B945-2ED0458B8F47
SQL Server 2005 SP2 (QFE):
http://www.microsoft.com/downloads/de...=5148B887-F323-4ADB-9721-61E1C0CFD213
SQL Server 2005 x64 Edition SP2 (GDR):
http://www.microsoft.com/downloads/de...=4603C722-2468-4ADB-B945-2ED0458B8F47
SQL Server 2005 x64 Edition SP2 (QFE):
http://www.microsoft.com/downloads/de...=5148B887-F323-4ADB-9721-61E1C0CFD213
SQL Server 2005 for Itanium-based Systems SP2 (GDR):
http://www.microsoft.com/downloads/de...=4603C722-2468-4ADB-B945-2ED0458B8F47
SQL Server 2005 for Itanium-based Systems SP2 (QFE):
http://www.microsoft.com/downloads/de...=5148B887-F323-4ADB-9721-61E1C0CFD213
Microsoft Visual Studio .NET 2002 SP1:
http://www.microsoft.com/downloads/de...=7848A652-4025-44BB-9C98-37A078B56D01
Microsoft Visual Studio .NET 2003 SP1:
http://www.microsoft.com/downloads/de...=9BC1E8F8-6C30-4AA0-90F5-FBB0AD5FD90E
Microsoft Visual Studio 2005 SP1:
http://www.microsoft.com/downloads/de...=A7BF790B-3249-4EE8-9440-FA911EBBC08A
Microsoft Visual Studio 2008:
http://www.microsoft.com/downloads/de...=A8C80B29-6D00-4949-A005-5D706122919A
Microsoft Report Viewer 2005 SP1 Redistributable Package:
http://www.microsoft.com/downloads/de...=82833F27-081D-4B72-83EF-2836360A904D
Microsoft Report Viewer 2008 Redistributable Package:
http://www.microsoft.com/downloads/de...=6AE0AA19-3E6C-474C-9D57-05B2347456B1
Microsoft Visual FoxPro 8.0 SP1 (Windows 2000 SP4):
http://www.microsoft.com/downloads/de...=1F4371B9-B8BE-4455-94D2-2304EE340543
Microsoft Visual FoxPro 9.0 SP1 (Windows 2000 SP4):
http://www.microsoft.com/downloads/de...=49B21E30-722D-446E-9020-ACEB3870DB69
Microsoft Visual FoxPro 9.0 SP2 (Windows 2000 SP4):
http://www.microsoft.com/downloads/de...=36957F47-9D8B-477D-BD60-5959E5A2EAFA
Microsoft Platform SDK Redistributable: GDI+:
http://www.microsoft.com/downloads/de...=6A63AB9C-DF12-4D41-933C-BE590FEAA05A
Microsoft Forefront Client Security 1.0 (Windows 2000 SP4):
http://www.microsoft.com/downloads/de...=1EB1A79F-44CA-499E-90BB-AC51894E9D1E
Microsoft Office Project 2002 Service Pack 2:
http://www.microsoft.com/downloads/de...=ef3de64c-fc17-4500-9da4-a3bba97fda6d
Microsoft Office Word Viewer, Microsoft Word Viewer 2003, Microsoft Word Viewer 2003 Service Pack 3, Microsoft Office Excel Viewer 2003, Microsoft Office Excel Viewer 2003 Service Pack 3, Microsoft Visio 2003 Viewer:
http://www.microsoft.com/downloads/de...=e9f8e309-d721-4bab-b485-5eede8d49eb8
Microsoft Office Excel Viewer, Microsoft Office PowerPoint Viewer 2007, Microsoft Office PowerPoint Viewer 2007 Service Pack 1, Microsoft Visio 2007 Viewer, Microsoft Visio 2007 Viewer Service Pack 1:
http://www.microsoft.com/downloads/de...=4b656fe8-6253-490c-a81a-e4e8f0bb58d2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (optionally SP1):
http://www.microsoft.com/downloads/de...=4b656fe8-6253-490c-a81a-e4e8f0bb58d2
Microsoft Expression Web and Microsoft Expression Web 2:
http://www.microsoft.com/downloads/de...=4b656fe8-6253-490c-a81a-e4e8f0bb58d2
Microsoft Office Groove 2007 and Microsoft Office Groove 2007 SP1:
http://www.microsoft.com/downloads/de...=4b656fe8-6253-490c-a81a-e4e8f0bb58d2
NOTE: Microsoft has issued a Security Update that sets the kill-bit for affected components.
http://support.microsoft.com/kb/956391
Provided and/or discovered by:
1) The vendor credits Greg MacManus, iDefense Labs.
2) The vendor credits Bing Liu, Fortinet.
3) The vendor credits Ivan Fratric via ZDI and Peter Winter-Smith, NGSSoftware.
4) The vendor credits Assurent Secure Technologies.
5) The vendor credits an anonymous person via ZDI.
Changelog:
2008-09-10: Added additional information provided by iDefense and ZDI. Added link to Assurent advisory.
2008-09-15: Added "Microsoft Project 2002", "Microsoft Office Word Viewer", "Microsoft Word Viewer 2003", "Microsoft Office Excel Viewer", "Microsoft Excel Viewer 2003", "Microsoft Office PowerPoint Viewer 2007", "Microsoft Office Visio 2003 Viewer", "Microsoft Office Visio Viewer 2007", and "Microsoft Office Visio Viewer 2007" to list of affected products. Updated "Solution" section with additional patch information.
2008-10-15: Added note to "Solution" section. Added link to "Original Advisory" section.
2008-12-11: Added "Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (optionally SP1)", "Microsoft Expression Web and Microsoft Expression Web 2", and "Microsoft Office Groove 2007 and Microsoft Office Groove 2007 SP1" to list of affected products.
2009-03-11: The vendor has rereleased update packages for "Windows XP Service Pack 3" and "Windows Server 2003 Service Pack 2". Users who applied the original update for "Windows XP Service Pack 2" or "Windows Server 2003 Service Pack 1" and then upgraded to "Windows XP Service Pack 3" or "Windows Server 2003 Service Pack 2" are affected by a regression. Please see the updated vendor advisory for more information.
Original Advisory:
MS08-052 (KB954593, KB938464):
http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx
Microsoft:
http://www.microsoft.com/technet/security/advisory/956391.mspx
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-055/
http://www.zerodayinitiative.com/advisories/ZDI-08-056/
Assurent:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064334.html
Extended Solution:
The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
12th Nov, 2009
|
New advisories:
|
11 |
|
New vulnerabilities:
|
38 |
|
Updated advisories:
|
16 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
|
|
Send Feedback to Secunia
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
|
