CONTACT US | SITEMAP
 
 
Search:
 
Home > Services > Advisories > MyCERT Advisories > 2008

MA-138.092008 : MyCERT Special Alert - Vulnerability in Microsoft Windows GDI+

Original Issue Date: 22nd September 2008

1.0 Introduction

Microsoft has recently reported a critical vulnerability that exists in Microsoft Windows GDI+ API (Gdiplus.dll). The GDI (Graphic Device Interface) enables applications such as XP User Interface, Microsoft Paint, Windows Picture and Fax Viewer, Photo Printing Wizard, My Pictures Slideshow screensaver, and their presence in the basic graphics layer greatly simplifies implementations of vector-graphics systems such as Flash or SVG.

This vulnerability can be exploited remotely and thus attacker could trick the user to open a specially crafted file that comes via an email attachment or a link to a website.

At this time of writing, there is no publicly known exploit exist for this vulnerability

2.0 Impact

By exploiting this vulnerability, an attacker could execute arbitrary commands on the user's computer. The attacker will have the same privilege as the user.

3.0 Affected Products

The affected products are as the following:

  • Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista (all editions)
  • Windows Server 2008 (all editions)*
  • Microsoft.NET Framework 1.0
  • Microsoft.NET Framework 1.1
  • Microsoft.NET Framework 2.0
  • Office XP (all editions)
  • Office 2003 (all editions)
  • The 2007 Microsoft Office System (all editions)
  • Vision 2002
  • PowerPoint 2003 Viewer
  • Microsoft Works 8
  • Microsoft Digital Image Suite 2006
  • SQL Server 2000 Reporting Services Service Pack 2
  • SQL Server 2005 (all editions)
  • Microsoft Visual Studio .NET 2002 Service Pack 1
  • Microsoft Visual Studio .NET 2003 Service Pack 1
  • Microsoft Visual Studio 2005 Service Pack 1
  • Microsoft Visual Studio 2008
  • Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package
  • Microsoft Report Viewer 2008 Redistributable Package
  • Microsoft Visual FoxPro 8.0 Service Pack 1
  • Microsoft Visual FoxPro 9.0 Service Pack 1 and Microsoft Visual FoxPro 9.0 Service Pack 2
  • Microsoft Platform SDK Redistributable: GDI+
  • Microsoft Forefront Client Security 1.0

*Windows Server 2008 Server Core installation is not affected.

4.0 Recommendation

Users are recommended to apply the fixes from Microsoft immediately depending on the system affected from the URL http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx

MyCERT also recommends that the use of privilege accounts such as "Administrator" to be used in specific circumstances i.e. System Maintenance. Finally, users must make sure that they do not open and/or save file(s) from unknown sources.

5.0 References

a.http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
b.http://secunia.com/advisories/31675/
c.http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743
d.http://en.wikipedia.org/wiki/Graphics_Device_Interface

Revision History:

Initial Release: 22nd September 2008
   

Disclaimer | Copyright © 2008 - CyberSecurity Malaysia