lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: thelovenasium at hotmail.com (Anonymous)
Subject: Fw: Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

----- Original Message ----- 
From: "Russ Cooper" <Russ.Cooper@...SECURE.CA>
To: <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>
Sent: Tuesday, September 14, 2004 11:07 AM
Subject: Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in 
JPEG Processing (GDI+) Could Allow Code Execution (833987)


Microsoft Security Bulletin MS04-028:
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

Bulletin URL:
<http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx>

Version Number: 1.0
Issued Date: Tuesday, September 14, 2004
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Patch(es) Replaced: None
Caveats: If you have installed any of the affected programs or affected 
components listed in this bulletin, you should install the required security 
update for each of the affected programs or affected components. This may 
require the installation of multiple security updates. See the FAQ section 
of this bulletin for more information.

Tested Software:
Affected Software:
------------------
* Microsoft Windows XP and Microsoft Windows XP Service Pack 1
<http://tinyurl.com/3uql4>
* Microsoft Windows XP 64-Bit Edition Service Pack 1
<http://tinyurl.com/5n5d6>
* Microsoft Windows XP 64-Bit Edition Version 2003
<http://tinyurl.com/4qwh5>
* Microsoft Windows Server(tm) 2003
<http://tinyurl.com/6jb97>
* Microsoft Windows Server 2003 64-Bit Edition
<http://tinyurl.com/4cd2l>
* Microsoft Office XP Service Pack 3 Microsoft Office XP Service Pack 3 
Software:
- Outlook. 2002
- Word 2002
- Excel 2002
- PowerPoint. 2002
- FrontPage. 2002
- Publisher 2002
<http://tinyurl.com/64orn>
* Microsoft Office 2003 Microsoft Office 2003 Software:
- Outlook. 2003
- Word 2003
- Excel 2003
- PowerPoint. 2003
- FrontPage. 2003
- Publisher 2003
- InfoPath(tm) 2003
- OneNote(tm) 2003
<http://tinyurl.com/58zvm>
* Microsoft Project 2002 Service Pack 1 (all versions)
<http://tinyurl.com/7xuno>
* Microsoft Project 2003 (all versions)
<http://tinyurl.com/5ba7j>
* Microsoft Visio 2002 Service Pack 2 (all versions)
<http://tinyurl.com/67g3k>
* Microsoft Visio 2003 (all versions)
<http://tinyurl.com/4xhuy>
* Microsoft Visual Studio .NET 2002 Microsoft Visual Studio .NET 2002 
Software:
- Visual Basic .NET Standard 2002
- Visual C# .NET Standard 2002
- Visual C++ .NET Standard 2002
<http://tinyurl.com/5ptm3>
* Microsoft Visual Studio .NET 2003 Microsoft Visual Studio .NET 2003 
Software:
- Visual Basic .NET Standard 2003
- Visual C# .NET Standard 2003
- Visual C++ .NET Standard 2003
- Visual J# .NET Standard 2003
<http://tinyurl.com/4tnq2>
* The Microsoft .NET Framework version 1.0 SDK Service Pack 2
<http://tinyurl.com/6m2z4>
* Microsoft Picture It!. 2002 (all versions)
<http://tinyurl.com/3q869>
* Microsoft Greetings 2002
<http://tinyurl.com/3q869>
* Microsoft Picture It! version 7.0 (all versions)
<http://tinyurl.com/3q869>
* Microsoft Digital Image Pro version 7.0
<http://tinyurl.com/3q869>
* Microsoft Picture It! version 9 (All Versions, including Picture It! 
Library)
<http://tinyurl.com/3q869>
* Microsoft Digital Image Pro version 9
<http://tinyurl.com/3q869>
* Microsoft Digital Image Suite version 9
<http://tinyurl.com/3q869>
* Microsoft Producer for Microsoft Office PowerPoint (all versions) 
Microsoft Platform SDK Redistributable: GDI+ - Download the update
<http://tinyurl.com/lp5p>

Affected Components:
--------------------
* Internet Explorer 6 Service Pack 1
<http://tinyurl.com/5zjvb>
* The Microsoft .NET Framework version 1.0 Service Pack 2
<http://tinyurl.com/6sxld>
* The Microsoft .NET Framework version 1.1
<http://tinyurl.com/6qcrt>

Technical Description:
----------------------
* JPEG Vulnerability - CAN-2004-0200: A buffer overrun vulnerability exists 
in the processing of JPEG image formats that could allow remote code 
execution on an affected system. Any program that processes JPEG images on 
the affected systems could be vulnerable to this attack, and any system that 
uses the affected programs or components could be vulnerable to this attack. 
An attacker who successfully exploited this vulnerability could take 
complete control of an affected system.

This email is sent to NTBugtraq automagically as a service to my 
subscribers. (v4.01.1664.40858)

Cheers,
Russ - Senior Scientist - TruSecure Corporation/NTBugtraq Editor

-----
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured 
such that just hitting reply is going to result in the message coming to the 
list, not to the individual who sent the message. This was done to help 
reduce the number of Out of Office messages posters received. So if you want 
to send a reply just to the poster, you'll have to copy their email address 
out of the message and place it in your TO: field.
-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ