Windows Metafile Heap Overflow
Release Date:
April 13, 2004
Date Reported:
November 1, 2003
Patch Development Time (In Days):
164
Severity:
High (Remote Code Execution)
Vendor:
Microsoft
Systems Affected:
Windows NT 4.0
Windows 2000
Windows XP
Overview:
Technical Details:
eEye Digital Security has discovered a buffer overflow in the APIs which handle Windows metafile-format images, implemented in the Windows GDI Client DLL (GDI32.dll). A Windows metafile is a collection of structures that stores a picture in a device-independent format. The GDI32.dll PlayMetaFileRecord() API, which plays a Windows-format metafile record by executing GDI functions specified within the record, has been found to contain an exploitable heap overflow.
A Windows metafile can be handled by many applications such as Internet Explorer, Outlook Express, Wordpad, the Windows shell (Explorer), the Office series (Word/Excel/PowerPoint/Outlook, etc.), and other third party applications. If any of these applications handle the corrupted metafile, it is possible to execute arbitrary code contained within the Windows metafile.
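As an added illustration (not eEye's or Microsoft's code), the following C walker shows the bounds check a metafile consumer needs before handing each record to playback: every record's declared size is verified against the bytes actually present and against the header's MaxRecord field before anything is dispatched. It assumes a standard (non-placeable) WMF layout and constructs its own sample input.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Little-endian readers: no alignment or host-endian assumptions. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

#define WMF_HEADER_BYTES     18u  /* META_HEADER is 9 WORDs; MaxRecord sits at byte 12 */
#define WMF_MIN_RECORD_WORDS 3u   /* DWORD RecordSize + WORD RecordFunction */

/* Walk the records of a standard WMF. Returns the number of records that pass
 * validation (META_EOF included), or -1 at the first record whose declared
 * size cannot be trusted. Nothing would be played before these checks pass. */
int wmf_validate(const uint8_t *buf, size_t len)
{
    if (len < WMF_HEADER_BYTES) return -1;
    uint32_t max_record_words = rd32(buf + 12);
    size_t off = WMF_HEADER_BYTES;
    int count = 0;
    while (off + 6 <= len) {                       /* room for a record header? */
        uint32_t words = rd32(buf + off);
        uint16_t func  = rd16(buf + off + 4);
        if (words < WMF_MIN_RECORD_WORDS) return -1;   /* cannot hold its own header */
        if (words > max_record_words) return -1;       /* contradicts the file header */
        if (words > (len - off) / 2) return -1;        /* would run past the buffer */
        count++;
        if (func == 0x0000) return count;              /* META_EOF: well-formed end */
        off += (size_t)words * 2;
    }
    return -1;                                         /* no META_EOF before the end */
}

/* Constructed sample (32 bytes = 16 WORDs): header with MaxRecord = 4,
 * one META_SETMAPMODE record (4 WORDs), then META_EOF (3 WORDs). */
static const uint8_t GOOD_WMF[] = {
    0x01,0x00, 0x09,0x00, 0x00,0x03, 0x10,0x00,0x00,0x00, 0x00,0x00, 0x04,0x00,0x00,0x00, 0x00,0x00,
    0x04,0x00,0x00,0x00, 0x03,0x01, 0x01,0x00,
    0x03,0x00,0x00,0x00, 0x00,0x00
};

/* Re-validate the sample after overwriting the first record's RecordSize
 * field with an attacker-style value (hypothetical helper for demonstration). */
int wmf_validate_tampered(uint32_t claimed_words)
{
    uint8_t copy[sizeof GOOD_WMF];
    memcpy(copy, GOOD_WMF, sizeof copy);
    copy[18] = (uint8_t)claimed_words;        copy[19] = (uint8_t)(claimed_words >> 8);
    copy[20] = (uint8_t)(claimed_words >> 16); copy[21] = (uint8_t)(claimed_words >> 24);
    return wmf_validate(copy, sizeof copy);
}
```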
Protection:
Retina Network Security Scanner has been updated to identify this vulnerability.
Vendor Status:
Microsoft has released a patch for this vulnerability. The patch is available at: http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx.
Credit:
Discovery: Yuji Ukai
Related Links:
Retina Network Security Scanner - Free 15 Day Trial http://www.eeye.com/html/Products/Retina/download.html
Greetings:
all security guys in anti rootkit research team !!
Copyright (c) 1998-2009 eEye Digital Security
Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission.
Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.