MA-263.012011 : MyCERT Alert - Critical Vulnerability in Microsoft Windows
Date of publication: 2011-01-06
A critical vulnerability has been identified in the Microsoft Windows Graphics Rendering Engine. The vulnerability, if successfully exploited will cause the application to crash and could potentially allow an attacker to take control of the affected system.
The vulnerability exists because of a stack overflow error in the "CreateSizedDIBSECTION()" function within the "shimgvw.dll" module when parsing a malformed thumbnail image, which could be exploited by attackers to execute arbitrary code by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted thumbnail image.
MyCERT is aware that '0-day' exploits are available in the wild at the time of the publication of this advisory.
An attacker who successfully exploits this vulnerability will be able to execute codes remotely and gain the same privilege as the user. Unsuccessful attacks may cause denial-of-service (DoS) outcomes.
3.0 Affected Products
The detail list of the vulnerable products and versions are as below:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation not affected)
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation not affected)
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
As of the writing of this advisory, Microsoft has not released any security patches for this vulnerability. However, users can use the following steps as a temporary workaround:
Modify the Access Control List (ACL) on shimgvw.dll
MyCERT would like to advise the users of Microsoft Windows to be vigilant of the latest security announcements by Microsoft and ensure that their operating systems are automatically updated. The article on how to enable the auto update feature in Microsoft is available at the following URL:
Users may also consider using a vulnerability management tool such as Secunia to ensure that all applications are updated:
MyCERT can be reached through the following channels for further assistance:
E-mail : email@example.com
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT