Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Vulnerability in GDI Allows Code Execution (MS07-046)

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Vulnerability in GDI Allows Code Execution (MS07-046)
Date: 15 Aug 2007 15:44:38 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Vulnerability in GDI Allows Code Execution (MS07-046)
------------------------------------------------------------------------


SUMMARY

A remote code execution vulnerability exists in the Graphics Rendering 
Engine because of the way that it handles specially crafted images. An 
attacker could exploit the vulnerability by constructing a specially 
crafted image that could potentially allow remote code execution if a user 
opened a specially crafted attachment in e-mail.

An attacker who successfully exploited this vulnerability could gain the 
same user rights as the local user. Users whose accounts are configured to 
have fewer user rights on the system could be less impacted than users who 
operate with administrative user rights.

DETAILS

Affected Software:
 *  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=8fc8340b-c2b3-4559-835c-caa00cf086b9>
 Microsoft Windows 2000 Service Pack 4
 *  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=dc29475d-c0bb-4d35-8dd6-4ca1cac32315>
 Windows XP Service Pack 2
 *  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=3c81730a-981a-4649-b2d9-45144230d512>
 Windows XP Professional x64 Edition
 *  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=5374583d-de68-4d65-bca8-598d6b98b8b3>
 Windows Server 2003 Service Pack 1
 *  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=c3359f27-e03e-4a4f-b896-3bda39f69f7e>
 Windows Server 2003 x64 Edition
 *  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=92822479-2060-4357-a340-ed096f180b2b>
 Windows Server 2003 with SP1 for Itanium-based Systems

Non-Affected Software:
 * Windows XP Professional x64 Edition Service Pack 2
 * Windows Server 2003 Service Pack 2
 * Windows Server 2003 x64 Edition Service Pack 2
 * Windows Server 2003 with SP2 for Itanium-based Systems
 * Windows Vista
 * Windows Vista x64 Edition

CVE Information:
 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3034> 
CVE-2007-3034

Mitigating Factors for Remote Code Execution Vulnerability in GDI:
Mitigation refers to a setting, common configuration, or general 
best-practice, existing in a default state, that could reduce the severity 
of exploitation of a vulnerability. The following mitigating factor may be 
helpful in your situation:

 * An attacker who successfully exploited this vulnerability could gain 
the same user rights as the local user. Users whose accounts are 
configured to have fewer user rights on the system could be less impacted 
than users who operate with administrative user rights.

 * Microsoft Windows Vista and Windows Server 2003 Service pack 2 are 
unaffected by this issue.

FAQ for Remote Code Execution Vulnerability in GDI:
What is the scope of the vulnerability? 
This is a remote code execution vulnerability. If a user is logged on with 
administrative user rights, an attacker who successfully exploited this 
vulnerability could take complete control of an affected system. An 
attacker could then install programs; view, change, or delete data; or 
create new accounts with full user rights. Users whose accounts are 
configured to have fewer user rights on the system could be less impacted 
than users who operate with administrative user rights.

What causes the vulnerability ?
The vulnerability exists in the way that the Graphics Rendering Engine 
handles specially crafted images, potentially allowing arbitrary code to 
be executed.

What might an attacker use the vulnerability to do? 
An attacker who successfully exploited this vulnerability could run code 
on the affected system.

How could an attacker exploit the vulnerability? 
An attacker could exploit this vulnerability by creating a specially 
crafted attachment in e-mail and then persuading the user to open the 
attachment. If the user opened the attachment, the attacker could cause 
arbitrary code to run in the security context of the locally logged-on 
user.

What is GDI? 
Microsoft Windows graphics device interface (GDI) enables applications to 
use graphics and formatted text on both the video display and the printer. 
Windows-based applications do not access the graphics hardware directly. 
Instead, GDI interacts with device drivers on behalf of applications. For 
more information on GDI, please visit the Windows GDI Start Page.

What systems are primarily at risk from the vulnerability? 
Workstations and terminal servers are primarily at risk.

What does the update do? 
The update removes the vulnerability by adding overflow validations to the 
handling of images.

When this security bulletin was issued, had this vulnerability been 
publicly disclosed? 
No. Microsoft received information about this vulnerability through 
responsible disclosure.

When this security bulletin was issued, had Microsoft received any reports 
that this vulnerability was being exploited? 
No. Microsoft had not received any information to indicate that this 
vulnerability had been publicly used to attack customers and had not seen 
any examples of proof of concept code published when this security 
bulletin was originally issued.


ADDITIONAL INFORMATION

The information has been provided by Microsoft Security Bulletin MS07-046.
The original article can be found at:
 <http://www.microsoft.com/technet/security/bulletin/ms07-046.mspx> 
http://www.microsoft.com/technet/security/bulletin/ms07-046.mspx



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Vulnerability in GDI Allows Code Execution (MS07-046), SecuriTeam <=
Previous by Date:  [NT] Cumulative Security Update for Internet Explorer (MS07-045), SecuriTeam
Next by Date:  [NEWS] WireShark MMS DoS Vulnerability, SecuriTeam
Previous by Thread:  [NT] Cumulative Security Update for Internet Explorer (MS07-045), SecuriTeam
Next by Thread:  [NEWS] WireShark MMS DoS Vulnerability, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]