Vulnerability Note VU#297462

Microsoft Windows GDI+ contains a buffer overflow vulnerability in the JPEG parsing component

Original Release date: 14 Sep 2004 | Last revised: 17 Dec 2004

Overview

A buffer overflow vulnerability in the Microsoft Windows GDI+ JPEG parsing component could allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

Microsoft Windows Graphics Device Interface (GDI+) is an application programming interface (API) that provides programmers the ability to display information on screens and printers. GDI+ includes the ability to process JPEG image files. There is a buffer overflow vulnerability in the way the JPEG parsing component of GDI+ (Gdiplus.dll) handles malformed JPEG images. By introducing a specially crafted JPEG file to the vulnerable component, a remote attacker could trigger a buffer overflow condition.

Microsoft notes that Windows XP, Windows XP Service Pack 1, and Windows Server 2003 provide the operating system version of the affected component. For backward compatibility, some third-party applications may install their own copy of the affected component. These include Office XP, Visio 2002, Project 2002, Office 2003, Visio 2003, and Project 2003. If any of these applications are installed on your system, you should apply the patch for these applications. If you use Windows XP, Windows XP Service Pack 1, or Windows Server 2003, you must also install the operating system patch.

Keep in mind that third-party applications other than those listed above may also install a copy of the affected component. Any application that uses the Gdiplus.dll file to process JPEG image files is vulnerable.
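Because the operating system and individual applications can each carry their own copy of Gdiplus.dll, patching starts with finding every copy. The following PowerShell sketch is an added example, not part of the original note or of Microsoft's guidance. It lists each copy on disk with its file version and the running processes that have it loaded. The default search root and the output field names are assumptions, and the reported versions must be compared by hand against the fixed versions given in Microsoft Security Bulletin MS04-028.

```powershell
# Added example: inventory gdiplus.dll copies and the processes using them.
# Assumption: searching the system drive is sufficient; pass -Roots to widen.
param(
    [string[]]$Roots = @("$env:SystemDrive\")
)

# 1. Every copy on disk, with the version fields from its PE resources.
$copies = foreach ($root in $Roots) {
    Get-ChildItem -Path $root -Filter 'gdiplus.dll' -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path        = $_.FullName
                FileVersion = $_.VersionInfo.FileVersion
                Product     = $_.VersionInfo.ProductName
                LastWrite   = $_.LastWriteTimeUtc
                LoadedBy    = @()
            }
        }
}

# 2. Index the copies by lower-cased path so loaded modules can be matched.
$byPath = @{}
foreach ($c in $copies) { $byPath[$c.Path.ToLowerInvariant()] = $c }

# 3. Walk running processes. Processes whose module list cannot be read
#    (protected or higher-privileged) are skipped, so run this elevated.
foreach ($proc in Get-Process) {
    try { $mods = $proc.Modules } catch { continue }
    foreach ($m in $mods) {
        if ($m.ModuleName -ieq 'gdiplus.dll' -and $m.FileName) {
            $key = $m.FileName.ToLowerInvariant()
            if ($byPath.ContainsKey($key)) {
                $byPath[$key].LoadedBy += "$($proc.ProcessName) ($($proc.Id))"
            }
        }
    }
}

# 4. One row per copy; compare FileVersion with the versions in MS04-028.
$copies | Sort-Object FileVersion, Path |
    Select-Object Path, FileVersion, Product, LastWrite,
                  @{ Name = 'LoadedBy'; Expression = { $_.LoadedBy -join ', ' } }
```

A copy that appears under an application directory rather than the Windows directory is not updated by the operating system patch and needs the update for that application.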

Impact

A remote, unauthenticated attacker could potentially execute arbitrary code on a vulnerable system by introducing a specially crafted JPEG file. This malicious JPEG image may be introduced to the system via a malicious web page, HTML email, or an email attachment.

Solution

Apply Patch
Apply a patch as described in Microsoft Security Bulletin MS04-028.

Systems Affected

| Vendor | Status | Date Notified | Date Updated |
| --- | --- | --- | --- |
| Apple Computer Inc. | Affected | 14 Sep 2004 | 28 Apr 2005 |
| Microsoft Corporation | Affected | - | 14 Sep 2004 |
| Chiaro Networks | Not Affected | 14 Sep 2004 | 16 Sep 2004 |
| Clavister | Not Affected | 14 Sep 2004 | 17 Sep 2004 |
| Extreme Networks | Not Affected | 14 Sep 2004 | 16 Sep 2004 |
| Finjan Software | Not Affected | 14 Sep 2004 | 29 Sep 2004 |
| Foundry Networks Inc. | Not Affected | 14 Sep 2004 | 16 Sep 2004 |
| Intoto | Not Affected | 14 Sep 2004 | 16 Sep 2004 |
| Macromedia Inc. | Not Affected | 15 Sep 2004 | 30 Sep 2004 |
| Network Appliance | Not Affected | 14 Sep 2004 | 17 Dec 2004 |
| Opera Software | Not Affected | 14 Sep 2004 | 16 Sep 2004 |
| WatchGuard | Not Affected | 14 Sep 2004 | 16 Sep 2004 |
| 3Com | Unknown | 14 Sep 2004 | 16 Sep 2004 |
| Adobe Systems Incorporated | Unknown | 14 Sep 2004 | 16 Sep 2004 |
| Aladdin Knowledge Systems | Unknown | 14 Sep 2004 | 16 Sep 2004 |

If you are a vendor and your product is affected, let us know.

CVSS Metrics

| Group | Score | Vector |
| --- | --- | --- |
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |

Credit

This vulnerability was reported by Microsoft. In turn, Microsoft credits Nick DeBaggis for discovering this vulnerability.

This document was written by Damon Morda and Jason A. Rafail, and is based on information provided by Microsoft.

Other Information

  • CVE IDs: CAN-2004-0200
  • Date Public: 14 Sep 2004
  • Date First Published: 14 Sep 2004
  • Date Last Updated: 17 Dec 2004
  • Severity Metric: 33.75
  • Document Revision: 25
