[PCWorks] Microsoft Products GDI+ Multiple Vulnerabilities
- From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
- To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
- Date: Wed, 14 Oct 2009 04:28:44 -0500
TITLE:
Microsoft Products GDI+ Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA37007
Critical: Highly critical
Impact: System access
Where: From remote
VERIFY ADVISORY:
http://secunia.com/advisories/37007/
DESCRIPTION:
Some vulnerabilities have been reported in various Microsoft
products, which can be exploited by malicious people to
compromise a
vulnerable system.
1) An integer overflow exists when processing the number of
colours
used in a bitmap image. This can be exploited to cause a
heap-based
buffer overflow via a specially crafted bitmap image.
2) An integer overflow error in the handling of WMF image files
can
be exploited to cause a heap-based buffer overflow.
3) A boundary error in the processing of PNG files can be
exploited
to cause a heap-based buffer overflow.
4) A boundary error in the processing of TIFF files can be
exploited
to cause a buffer overflow.
5) A unspecified error in the processing of TIFF files can be
exploited to corrupt memory.
6) An integer overflow error in certain GDI+ APIs can be
exploited to
cause a buffer overflow via a specially crafted .NET Framework
application.
7) An integer overflow vulnerability in the processing of PNG
files
can be exploited to cause a buffer overflow.
8) An error exists in the parsing of Office Art Property
Tables,
which can be exploited to corrupt memory when a user opens a
specially crafted Office document.
Successful exploitation of these vulnerabilities allows
execution of
arbitrary code.
SOLUTION:
Apply patches.
Windows XP SP2 / SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=e2acde20-a6d3-4135-b6eb-1214f743d474
Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=ad92503a-8c91-4d73-98b0-942d7961637d
Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=414466a4-39a0-476d-9a43-ae7674cbd6a0
Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=eb95e8d9-6ef5-4526-99d2-507e50de049b
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=a678ceb9-a37a-4c29-8bd1-f209922990e5
Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=19aa01f3-026d-4264-85f8-216d0597969b
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=8f5f0c1d-1dd6-47fa-aef2-d3c96c8fc06e
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=fd1694af-8873-43aa-9243-91f7cde452b7
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=41bc4cdb-273a-4a6e-80d9-c8ce20e32da9
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=a4f42085-1cb9-4b8d-a931-85be71fdf06d
Microsoft Windows 2000 SP4 (Microsoft Internet Explorer 6 SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=f3fef608-dafb-4b37-a65a-9cc4ae8e2c4c
Microsoft Windows 2000 SP4 (Microsoft .NET Framework 1.1 SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=ecf78619-80fa-417d-852b-1b5b2cf574e2
Microsoft Windows 2000 SP4 (Microsoft .NET Framework 2.0 SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3e534aa8-29c2-4379-9f57-931a6ff47418
Microsoft Windows 2000 SP4 (Microsoft .NET Framework 2.0 SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=e6f5e730-85cc-4c08-a50d-c456b1e9f5bc
Microsoft Office XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Office 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
2007 Microsoft Office System SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
2007 Microsoft Office System SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Project 2002 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Office Visio 2002 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=920ee70b-c5c1-47b5-8f33-938ffe14eea4
Microsoft Office Word Viewer, Microsoft Word Viewer 2003
(optionally
with SP3), Microsoft Office Excel Viewer 2003 (optionally with
SP3):
http://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
Microsoft Office Excel Viewer, PowerPoint Viewer 2007
(optionally
with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
PowerPoint Viewer 2007 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and
PowerPoint
2007 File Formats SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and
PowerPoint
2007 File Formats SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Expression Web and Microsoft Expression Web 2:
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Groove 2007 (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Works 8.5:
http://www.microsoft.com/downloads/details.aspx?familyid=6f96de9a-62d8-428f-9567-51d55c129be6
SQL Server 2000 Reporting Services SP2 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=33554f96-5af7-4683-a537-9db293b67b8d
SQL Server 2005 SP2 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
SQL Server 2005 SP2 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 x64 Edition SP2 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
SQL Server 2005 x64 Edition SP2 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 for Itanium-based Systems SP2 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
SQL Server 2005 for Itanium-based Systems SP2 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 SP3 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
SQL Server 2005 SP3 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 x64 Edition SP3 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
SQL Server 2005 x64 Edition SP3 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 for Itanium-based Systems SP3 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
SQL Server 2005 for Itanium-based Systems SP3 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
Microsoft Visual Studio .NET 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=9e3b52d3-b211-4d62-891c-ae8f2e4ffc6c
Microsoft Visual Studio 2005 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=e186aeed-e9d7-4a02-84b3-bbed116ca060
Microsoft Visual Studio 2008:
http://www.microsoft.com/downloads/details.aspx?familyid=4fa10c93-ce20-43df-a725-ef4c77353747
Microsoft Visual Studio 2008 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=b904dee8-8a26-43f8-8ca9-86ad12cfdb52
Microsoft Report Viewer 2005 SP1 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=0dfaf300-2b53-4678-a779-0d805ddfe538
Microsoft Report Viewer 2008 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=42ed040f-cf94-4754-b0b3-c8016fbcbe22
Microsoft Report Viewer 2008 Redistributable Package SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=6aaa74bd-a46e-4478-b4e1-2063d18d2d42
Microsoft Visual FoxPro 8.0 SP1 when installed on Microsoft
Windows
2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=e5d0d515-4b36-4025-bc6f-1c5cdf09e1af
Microsoft Visual FoxPro 9.0 SP2 when installed on Microsoft
Windows
2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=2a930f56-59ac-49a6-830f-bfae7c540ec7
Microsoft Platform SDK Redistributable - GDI+:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A
Microsoft Forefront Client Security 1.0 when installed on
Microsoft
Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=c0ce624c-8df3-4223-8a7a-5cba4ac334a8
ORIGINAL ADVISORY:
MS09-062 (KB957488, KB958869, KB971108, KB971110, KB971111,
KB974811,
KB972580, KB972581, KB975365, KB973636, KB970895, KB970892,
KB970899,
KB970896, KB970894, KB971022, KB971023, KB972221, KB972222,
KB971117,
KB971118, KB971119, KB971104, KB971105, KB975337, KB975962):
http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx
=========================
The list's FAQ's can be seen by sending an email to
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.
To unsubscribe, subscribe, set Digest or Vacation to on or off, go to
//www.freelists.org/list/pcworks . You can also send an email to
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your
member list settings can be found at
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have
access to numerous other email options.
The list archives are located at //www.freelists.org/archives/pcworks/ .
All email posted to the list will be placed there in the event anyone needs to
look for previous posts.
-zxdjhu-
Other related posts:
- » [PCWorks] Microsoft Products GDI+ Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
