Wednesday, September 10, 2008

Windows GDI+ GIF memory corruption

There is a memory corruption vulnerability in GIF file processing in Microsoft GDI+ that can be used to crash a vulnerable application and potentially execute arbitrary code.

The vulnerability

The vulnerability is caused due to improper handling of graphic control extension when processing malformed GIF files. The vulnerability can be triggered if a large number of extension markers (0x21) followed by unknown labels is found when processing a GIF file.

Impact

This vulnerability can be used to corrupt memory of any application utilizing GDI+ for GIF file decoding if it is used to open a malformed GIF file. This could lead to code execution with the privileges of the user running the vulnerable application.

References

http://www.zerodayinitiative.com/advisories/ZDI-08-056/
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3013

10 comments:

Shiny Tinu said...

Thanks for sharing wonderful blog. For Embedded Training in Chennai Visit Fita Academy Embedded system Training in Chennai

aliya seen said...

If you are using shopify theme manager you can design anything without content.

Cynthia D. Fagan said...

Most of the parents seems to gives the greed to their child as if they do focus on their study and got some good grades then they will get them a new car or something like that of their choice.visit the website

odms said...

I like your post....Thanks for your valuable information.

, seo services in hyderabad

janaki sree ram said...

Nice information thanks for sharing
Best SEO consultant in Chennai

Brn Infotech said...

Thanks for posting the useful information to my vision. This is excellent information,.
iphone app training course

Web Design And Development Company said...

your blog is very nice and the information is very useful for us.
Web design and development company

Android Mobile App Development said...

hello, Thanks for sharing this information.

We are one of the most trusted Android Mobile App Development and IOS application development
to meet your business complex requirement through the offshore world.
Do you have the project and want to discuss with us? We can assist you in Web Application Development, Mobile App development, Games Development & Emerging Technology.

trendingjobz said...

Nice blog..! I really loved reading through this article. Thanks for sharing such a amazing post with us and keep blogging...
call centre training services in hyd

kavya sharma said...

Generic ecplusa
Myhepall
Myhepall in Thailand
Myhepall in Romania
Myhepall in Russia
Myhepall in Italy