| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20080909173034.70C6268019F@sticky.vrt.telus.com> Date: Tue, 9 Sep 2008 13:30:34 -0400 (EDT) From: VR-Subscription-noreply@...urent.com To: full-disclosure@...ts.grok.org.uk; bugtraq@...urityfocus.com Subject: Assurent VR - Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow Assurent ID: FSC20080909-12 1. Affected Software Digital Image Suite 2006 Forefront Client Security 1.0 Microsoft Office 2003 SP2, SP3 Microsoft Office PowerPoint Viewer 2003 Microsoft Windows XP prior to SP3 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Works 8 Reference: http://www.microsoft.com/ 2. Vulnerability Summary A vulnerability has been discovered in the Graphics Rendering Engine (GRE) component of Microsoft Windows. Specifically this vulnerability is exposed by the Microsoft Windows GDI+ subsystem. The vulnerability is created by an error in parsing certain Windows Metafile (WMF) files, a standard image file format used by many commonly-used software applications. 3. Vulnerability Analysis A remote attacker may exploit the vulnerability by sending a malicious WMF file to the target system and enticing the target user to view or preview it. A successful code execution attempt will result in arbitrary code to be executed within the security privileges of the currently logged in user. An unsuccessful attack attempt will result in abnormal termination of the program used for opening the malicious file. Applications affected by this vulnerability include Windows Explorer, Internet Explorer, Microsoft Paint, Windows Picture and Fax Viewer, and various Microsoft Office products. Note that the vulnerable file may be embedded inside other formats in the form of OLE objects, allowing the malicious file to appear as RTF files, Microsoft Office documents, or other formats. 4. Vulnerability Detection Assurent has confirmed the vulnerability in: Digital Image Suite 2006 Forefront Client Security 1 Microsoft Office 2003 SP2, SP3 Microsoft Office PowerPoint Viewer 2003 Microsoft Windows XP prior to SP3 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Works 8 5. Workaround Apply the vendor patch, remove file associations to WMF files to avoid opening them, disable thumbnail previews while browsing files, or block the downloading of WMF resources from untrusted networks. 6. Vendor Response Microsoft has released a bulletin addressing this vulnerability. Reference: http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx 7. Disclosure Timeline 2007-03-20 Reported to vendor 2007-03-22 Initial vendor response 2008-09-09 Coordinated public disclosure 8. Credits Vulnerability Research Team, Assurent Secure Technologies, a TELUS company 9. References CVE: CVE-2008-3014 Vendor: MS08-052 10. About Assurent VRS Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat Protection Programs (TPP) for MSPs and enterprise security teams, help to eliminate the significant costs incurred by security product vendors, MSPs, and enterprise security teams in responding to and managing critical new security vulnerabilities and other threats including worm & virus outbreaks and other malware. The VRS and TPP services are real-time feeds providing subscribers with detailed analysis of the top security vulnerabilities, focused on the specific needs of each group of customers. http://www.assurent.com/index.php?id=17 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists