SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#625856

Microsoft Windows LoadImage API vulnerable to integer overflow

Overview

The Microsoft Windows LoadImage API routine is vulnerable to an integer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system.

I. Description

The LoadImage API routine is used to load an image from a file on Microsoft Windows platforms. The LoadImage API is included part of the USER 32 library. A lack of input validation on user supplied input to the LoadImage API routine may allow an integer overflow to occur. If a remote attacker supplies a specially crafted image file to a vulnerable system, that attacker may be able to trigger the integer overflow to compromise that system.

According to public reports, many Microsoft Windows are affected. However, reports also indicate Windows XP with Service Pack 2 is not vulnerable, but we have not confirmed this.

Note that exploits for this vulnerability are publicly available.

II. Impact

If a remote attacker can persuade a user to access a specially crafted image file, the attacker may be able to execute arbitrary code on that user's system, possibly with elevated privileges. Potentially any operation that displays an image could trigger exploitation; for instance, browsing the file system, reading HTML email, or browsing websites.

III. Solution

Apply Patch


Apply a patch as described in Microsoft Security Bulletin MS05-002. Please also note that Microsoft is actively deploying the patches for this vulnerability via Windows Update.

Systems Affected

VendorStatusDate NotifiedDate Updated
Microsoft CorporationUnknown11-Jan-2005

References


http://www.securityfocus.com/archive/1/385342
http://www.xfocus.net/flashsky/icoExp/index.html
http://secunia.com/advisories/13645/
http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx

Credit

This vulnerability was reported by flashsky fangxing and eEye Digital Security.

This document was written by Jeff Gennari.

Other Information

Date Public:2004-12-23
Date First Published:2005-01-06
Date Last Updated:2005-01-12
CERT Advisory: 
CVE-ID(s):CAN-2004-1049
NVD-ID(s):CAN-2004-1049
US-CERT Technical Alerts: 
Metric:44.75
Document Revision:50

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2005 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader