Vulnerability Note VU#640136

Microsoft GDI Windows Metafile AttemptWrite integer overflow

Overview

Microsoft Windows GDI contains an integer overflow in the handling of Windows metafiles, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

Microsoft Windows GDI (Graphics Device Interface) enables applications to use graphics and formatted text on both video displays and printers. GDI can be used to handle bitmaps, metafiles, and fonts. Microsoft Windows GDI contains an integer overflow vulnerability in the AttemptWrite() function. This integer overflow leads to a heap overflow.

II. Impact

By convincing a user to view a specially crafted metafile, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user.

III. Solution

Apply an update

This vulnerability is addressed by Microsoft Security Bulletin MS07-046. This bulletin provides an updated version of GDI.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Microsoft Corporation	Vulnerable	14-Aug-2007

References

http://www.microsoft.com/technet/security/bulletin/ms07-046.mspx
http://research.eeye.com/html/advisories/published/AD20070814b.html
http://msdn2.microsoft.com/en-us/library/ms536795.aspx
http://secunia.com/advisories/26423/

Credit

Thanks to Microsoft for reporting this vulnerability, who in turn credit eEye Digital Security.

This document was written by Will Dormann.

Other Information

Date Public:	2007-08-14
Date First Published:	2007-08-14
Date Last Updated:	2007-08-14
CERT Advisory:
CVE-ID(s):	CVE-2007-3034
NVD-ID(s):	CVE-2007-3034
US-CERT Technical Alerts:
Metric:	27.34
Document Revision:	6

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader