MA-138.092008 : MyCERT Special Alert - Vulnerability in Microsoft Windows GDI+
Original Issue Date: 22nd September 2008
Microsoft has recently reported a critical vulnerability that exists in Microsoft Windows GDI+ API (Gdiplus.dll). The GDI (Graphic Device Interface) enables applications such as XP User Interface, Microsoft Paint, Windows Picture and Fax Viewer, Photo Printing Wizard, My Pictures Slideshow screensaver, and their presence in the basic graphics layer greatly simplifies implementations of vector-graphics systems such as Flash or SVG.
This vulnerability can be exploited remotely and thus attacker could trick the user to open a specially crafted file that comes via an email attachment or a link to a website.
At this time of writing, there is no publicly known exploit exist for this vulnerability
By exploiting this vulnerability, an attacker could execute arbitrary commands on the user's computer. The attacker will have the same privilege as the user.
3.0 Affected Products
The affected products are as the following:
Windows Server 2003
Windows Vista (all editions)
Windows Server 2008 (all editions)*
Microsoft.NET Framework 1.0
Microsoft.NET Framework 1.1
Microsoft.NET Framework 2.0
Office XP (all editions)
Office 2003 (all editions)
The 2007 Microsoft Office System (all editions)
PowerPoint 2003 Viewer
Microsoft Works 8
Microsoft Digital Image Suite 2006
SQL Server 2000 Reporting Services Service Pack 2
SQL Server 2005 (all editions)
Microsoft Visual Studio .NET 2002 Service Pack 1
Microsoft Visual Studio .NET 2003 Service Pack 1
Microsoft Visual Studio 2005 Service Pack 1
Microsoft Visual Studio 2008
Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package
Microsoft Report Viewer 2008 Redistributable Package
Microsoft Visual FoxPro 8.0 Service Pack 1
Microsoft Visual FoxPro 9.0 Service Pack 1 and Microsoft Visual FoxPro 9.0 Service Pack 2
Microsoft Platform SDK Redistributable: GDI+
Microsoft Forefront Client Security 1.0
*Windows Server 2008 Server Core installation is not affected.
Users are recommended to apply the fixes from Microsoft immediately depending on the system affected from the URL http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
MyCERT also recommends that the use of privilege accounts such as "Administrator" to be used in specific circumstances i.e. System Maintenance. Finally, users must make sure that they do not open and/or save file(s) from unknown sources.
Initial Release: 22nd September 2008