US-CERT Technical Cyber Security Alert TA05-012A -- Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing
From: CERT Advisory (cert-advisory_at_cert.org)
Date: 01/12/05
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 Jan 2005 16:57:50 -0500 To: cert-advisory@cert.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Technical Cyber Security Alert TA05-012A
Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing
Original release date: January 12, 2005
Last revised: --
Source: US-CERT
Systems Affected
Microsoft Windows Operating Systems excluding Microsoft Windows XP SP2
Overview
Microsoft Windows contains multiple vulnerabilities in the way that it
handles cursor and icon files. A remote attacker could execute
arbitrary code or cause a denial-of-service condition.
I. Description
Microsoft Security Bulletin MS05-002 describes a number of
vulnerabilities in the way that Windows handles icons, cursors,
animated cursors, and bitmaps. Further details are available in the
following vulnerability notes:
VU#625856 - Microsoft Windows LoadImage API vulnerable to integer
overflow
The Microsoft Windows LoadImage routine is vulnerable to an integer
overflow that may allow a remote attacker to execute arbitrary code on
a vulnerable system.
(CAN-2004-1049)
VU#697136 - Microsoft Windows kernel vulnerable to denial-of-service
condition via animated cursor (.ani) rate number
A vulnerability exists in the way the Microsoft Windows kernel
processes animated cursor (.ani) files with a rate number set to zero.
Exploitation of this vulnerability may allow a remote attacker to
cause a denial-of-service condition.
(CAN-2004-1305)
VU#177584 - Microsoft Windows kernel vulnerable to denial-of-service
condition via animated cursor (.ani) frame number
A vulnerability exists in the way the Microsoft Windows kernel
processes animated cursor (.ani) files with a frame number set to
zero. Exploitation of this vulnerability may allow a remote attacker
to cause a denial-of-service condition.
(CAN-2004-1305)
Note that exploits for these vulnerabilities are publicly available.
II. Impact
If a remote attacker can persuade a user to access a specially crafted
bitmap image, icon, or cursor file, the attacker may be able to
execute arbitrary code on that user's system, with their privileges.
Potentially, any operation that displays an image could trigger
exploitation; for instance, browsing the file system, reading HTML
email, or browsing websites.
III. Solution
Install an Update
Install the update as described in Microsoft Security Bulletin
MS05-002. Please also note that this update is also available via
Windows Update and Automatic Updates.
Appendix A. References
* US-CERT Vulnerability Note VU#697136 -
<http://www.kb.cert.org/vuls/id/697136>
* US-CERT Vulnerability Note VU#177584 -
<http://www.kb.cert.org/vuls/id/177584>
* US-CERT Vulnerability Note VU#625856 -
<http://www.kb.cert.org/vuls/id/625856>
* Microsoft Security Bulletin MS05-002 -
<http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx>
_________________________________________________________________
These vulnerabilities were reported by Flashsky Fangxing and eEye
Digital Security.
_________________________________________________________________
Feedback can be directed to the author: Jeffrey Gennari
_________________________________________________________________
This document is available from:
<http://www.us-cert.gov/cas/techalerts/TA05-012A.html>
_________________________________________________________________
Copyright 2005 Carnegie Mellon University. Terms of use
Revision History
Jan 12, 2005: Initial release
Last updated January 12, 2005
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQeWT/xhoSezw4YfQAQJ4Mwf8DW38XyncYoByjMNLaDo5thBVElAbQpnP
dCEmwTN65U+g604L1Zn+p0EJ2FSFRkF1Pbj0SZtin6PrjsTMsVP3KyaB2ogANpRl
jjlXsK3BZcI+KA5MEz+tG6rRcN8leaKUkep94k2oBQvmS5EJ7qlxYEt6aNZCyws5
LNwGoGJFdh+1GS7V+SiI8bctJCkCyxZnbMqQDeacAmt8/wD7RcMUSvk8Cfk1L9hd
Yw4cFlweRqjqHyj52Q01F7FAtvdRW+iG87EFMi5J6+HKkqR2vubExVI42uGCt64B
8SdG304c7pTIt2QSYFfqZWpMBkqWsqLI8mjPE/zU1ffnFM3DTAeExg==
=H24T
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
