US-CERT Vulnerability Notes Database

Vulnerability Note VU#297462

Microsoft Windows GDI+ contains a buffer overflow vulnerability in the JPEG parsing component

Overview

A buffer overflow vulnerability in the Microsoft Windows GDI+ JPEG parsing component could allow a remote attacker to execute arbitrary code on a vulnerable system.

I. Description

Microsoft Windows Graphics Device Interface (GDI+) is an application programming interface (API) that provides programmers the ability to display information on screens and printers. GDI+ includes the ability to process JPEG image files. There is a buffer overflow vulnerability in the way the JPEG parsing component of GDI+ (Gdiplus.dll) handles malformed JPEG images. By introducing a specially crafted JPEG file to the vulnerable component, a remote attacker could trigger a buffer overflow condition.

Microsoft notes that Windows XP, Windows XP Service Pack 1, and Windows Server 2003 provide the operating system version of the affected component. For backward compatibility, some third-party applications may install their own copy of the affected component. These include Office XP, Visio 2002, Project 2002, Office 2003, Visio 2003, and Project 2003. If any of these applications are installed on your system, you should apply the patch for these applications. If you use Windows XP, Windows XP Service Pack 1, or Windows Server 2003, you must also install the operating system patch.

Keep in mind that third-party applications other than those listed above may also install a copy of the affected component. Any application that uses the Gdiplus.dll file to process JPEG image files is vulnerable.
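Because applications may carry private copies of Gdiplus.dll, patching the operating system copy alone does not show whether a host is fully remediated. The following PowerShell inventory is an added example, not part of the original note or of Microsoft's bulletin; the function name Get-GdiPlusCopy and its parameters are hypothetical, and the fixed file version is not given on this page, so it must be taken from MS04-028 and passed in.

```powershell
# Added example: list every copy of gdiplus.dll under the given roots so that
# application-private copies are not missed when patching.
function Get-GdiPlusCopy {
    param(
        # Directories to search; defaults to the system drive.
        [string[]]$Root = @("$env:SystemDrive\"),
        # Optional. Lowest file version considered fixed. This value is NOT
        # on the page; look it up in the vendor bulletin before using it.
        [version]$MinimumVersion
    )

    Get-ChildItem -Path $Root -Filter 'gdiplus.dll' -Recurse -File -Force `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Use the numeric parts; the FileVersion string may carry extra text.
            $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
            [pscustomobject]@{
                Path         = $_.FullName
                FileVersion  = $ver
                Product      = $vi.ProductName
                SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                # $null when no threshold was supplied, otherwise True/False.
                BelowMinimum = if ($MinimumVersion) { $ver -lt $MinimumVersion } else { $null }
            }
        }
}

# Group by version to see which applications ship which build of the library.
Get-GdiPlusCopy |
    Sort-Object FileVersion |
    Format-Table Path, FileVersion, Product -AutoSize
```

Copies found outside the Windows directory belong to the application that installed them and are updated by that application's patch, not by the operating system patch.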

II. Impact

A remote, unauthenticated attacker could potentially execute arbitrary code on a vulnerable system by introducing a specially crafted JPEG file. This malicious JPEG image may be introduced to the system via a malicious web page, HTML email, or an email attachment.

III. Solution

Apply Patch

Apply a patch as described in Microsoft Security Bulletin MS04-028.

Systems Affected

Vendor | Status | Date Notified | Date Updated
3Com | Unknown | 16-Sep-2004
Adobe Systems Incorporated | Unknown | 16-Sep-2004
Aladdin Knowledge Systems | Unknown | 16-Sep-2004
Alcatel | Unknown | 16-Sep-2004
America Online Inc. | Unknown | 16-Sep-2004
Apple Computer Inc. | Vulnerable | 28-Apr-2005
AT&T | Unknown | 16-Sep-2004
Avaya | Unknown | 16-Sep-2004
Avici Systems Inc. | Unknown | 16-Sep-2004
Borderware | Unknown | 16-Sep-2004
Charlotte's Web Networks | Unknown | 16-Sep-2004
Check Point | Unknown | 16-Sep-2004
Chiaro Networks | Not Vulnerable | 16-Sep-2004
Cisco Systems Inc. | Unknown | 27-Sep-2004
Clavister | Not Vulnerable | 17-Sep-2004
Command Software Systems | Unknown | 16-Sep-2004
Computer Associates | Unknown | 16-Sep-2004
Cray Inc. | Unknown | 16-Sep-2004
CyberSoft | Unknown | 16-Sep-2004
D-Link Systems | Unknown | 16-Sep-2004
Data Connection | Unknown | 16-Sep-2004
EMC Corporation | Unknown | 16-Sep-2004
eSoft | Unknown | 16-Sep-2004
Extreme Networks | Not Vulnerable | 16-Sep-2004
F-Secure | Unknown | 16-Sep-2004
F5 Networks | Unknown | 16-Sep-2004
Finjan Software | Not Vulnerable | 29-Sep-2004
Fortinet | Unknown | 16-Sep-2004
Foundry Networks Inc. | Not Vulnerable | 16-Sep-2004
Fujitsu | Unknown | 16-Sep-2004
GFI Software | Unknown | 16-Sep-2004
Global Technology Associates | Unknown | 16-Sep-2004
Hitachi | Unknown | 16-Sep-2004
Hyperchip | Unknown | 16-Sep-2004
IBM | Unknown | 16-Sep-2004
Intel | Unknown | 16-Sep-2004
Intoto | Not Vulnerable | 16-Sep-2004
IP Filter | Unknown | 16-Sep-2004
Juniper Networks | Unknown | 16-Sep-2004
Linksys | Unknown | 16-Sep-2004
Lotus Software | Unknown | 16-Sep-2004
Lucent Technologies | Unknown | 16-Sep-2004
Luminous | Unknown | 16-Sep-2004
Macromedia Inc. | Not Vulnerable | 30-Sep-2004
MessageLabs | Unknown | 16-Sep-2004
Microsoft Corporation | Vulnerable | 14-Sep-2004
Mozilla | Unknown | 16-Sep-2004
Multi-Tech Systems Inc. | Unknown | 16-Sep-2004
NEC Corporation | Unknown | 16-Sep-2004
NETfilter | Unknown | 16-Sep-2004
Network Appliance | Not Vulnerable | 17-Dec-2004
NextHop | Unknown | 16-Sep-2004
Nokia | Unknown | 16-Sep-2004
Nortel Networks | Unknown | 16-Sep-2004
Opera Software | Not Vulnerable | 16-Sep-2004
Oracle Corporation | Unknown | 16-Sep-2004
Process Software | Unknown | 16-Sep-2004
Proland Software | Unknown | 16-Sep-2004
Redback Networks Inc. | Unknown | 16-Sep-2004
Riverstone Networks | Unknown | 16-Sep-2004
SCO | Unknown | 16-Sep-2004
Secure Computing Corporation | Unknown | 16-Sep-2004
SGI | Unknown | 16-Sep-2004
Sony Corporation | Unknown | 16-Sep-2004
Sophos | Unknown | 16-Sep-2004
Stonesoft | Unknown | 16-Sep-2004
Symantec Corporation | Unknown | 16-Sep-2004
Unisys | Unknown | 16-Sep-2004
WatchGuard | Not Vulnerable | 16-Sep-2004
Wind River Systems Inc. | Unknown | 16-Sep-2004
Xerox | Unknown | 16-Sep-2004
Yahoo | Unknown | 16-Sep-2004
ZyXEL | Unknown | 16-Sep-2004

References


http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
http://support.microsoft.com/default.aspx?scid=kb;EN-US;873374
http://msdn.microsoft.com/library/en-us/gdicpp/GDIPlus/GDIPlus.asp
http://secunia.com/advisories/12528/

Credit

This vulnerability was reported by Microsoft. In turn, Microsoft credits Nick DeBaggis for discovering this vulnerability.

This document was written by Damon Morda and Jason A. Rafail, and is based on information provided by Microsoft.

Other Information

Date Public: 2004-09-14
Date First Published: 2004-09-14
Date Last Updated: 2004-12-17
CERT Advisory:
CVE-ID(s): CAN-2004-0200
NVD-ID(s): CAN-2004-0200
US-CERT Technical Alerts:
Metric: 33.75
Document Revision: 25

Copyright 2004 Carnegie Mellon University