MajorRev: v2.0 Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

From: Russ Cooper (Russ.Cooper_at_TRUSECURE.CA)
Date: 10/12/04

  • Next message: CORE Security Technologies Advisories: "CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities" 
    Date:         Tue, 12 Oct 2004 13:36:16 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Microsoft Security Bulletin MS04-028:
    Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

    Bulletin URL:
    <http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx>

    Reason for Revision: Bulletin updated to advise on the availability of revised security updates for Office XP, Visio 2002, and Project 2002 customers that are using Windows XP Service Pack 2. Microsoft Knowledge Base Article 833987 documents the currently known issues that customers may experience when installing these security updates. The article also documents recommended solutions for these issues. Microsoft has also released the MS04-028 Enterprise Update Scanning Tool to help customers detect and deploy the required updates. For more information about the MS04-028 Enterprise Update Scanning Tool, see Microsoft Knowledge Base Article 886988. We have released an update for Windows 2000-based systems that have installed the Windows Journal Viewer. The bulletin has also been updated with a new FAQ that addresses questions regarding the Visio 2002 Viewer, Visio 2003 Viewer, and PowerPoint 2003 Viewer programs.
    Version Number: 2.0
    Issued Date: Tuesday, September 14, 2004
    Revision Date: Tuesday, October 12, 2004
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical
    Patch(es) Replaced: None
    Caveats: If you have installed any of the affected programs or affected components listed in this bulletin, you should install the required security update for each of the affected programs or affected components. This may require the installation of multiple security updates. See the FAQ section of this bulletin for more information. Microsoft Knowledge Base Article 833987 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 833987 or the FAQ section of this security bulletin.

    Tested Software:
    Affected Software:
    ------------------
    * Microsoft Windows XP and Microsoft Windows XP Service Pack 1
    <http://tinyurl.com/4fmzh>
    * Microsoft Windows XP 64-Bit Edition Service Pack 1
    <http://tinyurl.com/4zg68>
    * Microsoft Windows XP 64-Bit Edition Version 2003
    <http://tinyurl.com/6arva>
    * Microsoft Windows Server(tm) 2003
    <http://tinyurl.com/43too>
    * Microsoft Windows Server 2003 64-Bit Edition
    <http://tinyurl.com/6arva>
    * Microsoft Office XP Service Pack 3
    <http://tinyurl.com/64orn>
    * Microsoft Office XP Service Pack 2 Microsoft Office XP Software:
    - Outlook. 2002
    - Word 2002
    - Excel 2002
    - PowerPoint. 2002
    - FrontPage. 2002
    - Publisher 2002
    - Access 2002
    <http://tinyurl.com/3np87>
    * Microsoft Office 2003 Microsoft Office 2003 Software:
    - Outlook. 2003
    - Word 2003
    - Excel 2003
    - PowerPoint. 2003
    - FrontPage. 2003
    - Publisher 2003
    - Access 2003
    - InfoPath(tm) 2003
    - OneNote(tm) 2003
    <http://tinyurl.com/58zvm>
    * Microsoft Project 2002 (all versions) and Microsoft Project 2002 Service Pack 1 (all versions)
    <http://tinyurl.com/7xuno>
    * Microsoft Project 2003 (all versions)
    <http://tinyurl.com/5ba7j>
    * Microsoft Visio 2002 Service Pack 1 (all versions) and Microsoft Visio 2002 Service Pack 2 (all versions)
    <http://tinyurl.com/67g3k>
    * Microsoft Visio 2003 (all versions)
    <http://tinyurl.com/4xhuy>
    * Microsoft Visual Studio .NET 2002 Microsoft Visual Studio .NET 2002 Software:
    - Visual Basic .NET Standard 2002
    - Visual C# .NET Standard 2002
    - Visual C++ .NET Standard 2002
    <http://tinyurl.com/5ptm3>
    * Microsoft Visual Studio .NET 2003 Microsoft Visual Studio .NET 2003 Software:
    - Visual Basic .NET Standard 2003
    - Visual C# .NET Standard 2003
    - Visual C++ .NET Standard 2003
    - Visual J# .NET Standard 2003
    <http://tinyurl.com/4tnq2>
    * The Microsoft .NET Framework version 1.0 SDK Service Pack 2
    <http://tinyurl.com/5qet2>
    * Microsoft Picture It!. 2002 (all versions)
    <http://tinyurl.com/3q869>
    * Microsoft Greetings 2002
    <http://tinyurl.com/3q869>
    * Microsoft Picture It! version 7.0 (all versions)
    <http://tinyurl.com/3q869>
    * Microsoft Digital Image Pro version 7.0
    <http://tinyurl.com/3q869>
    * Microsoft Picture It! version 9 (all versions, including Picture It! Library)
    <http://tinyurl.com/3q869>
    * Microsoft Digital Image Pro version 9
    <http://tinyurl.com/3q869>
    * Microsoft Digital Image Suite version 9
    <http://tinyurl.com/3q869>
    * Microsoft Producer for Microsoft Office PowerPoint (all versions)
    <http://tinyurl.com/4u9xy>
    * Microsoft Platform SDK Redistributable: GDI+
    <http://tinyurl.com/3qqd8>

    Affected Components:
    --------------------
    * Internet Explorer 6 Service Pack 1
    <http://tinyurl.com/5zjvb>
    * The Microsoft .NET Framework version 1.0 Service Pack 2
    <http://tinyurl.com/5qet2>
    * The Microsoft .NET Framework version 1.1
    <http://tinyurl.com/5j55a>
    * Windows Journal Viewer
    <http://tinyurl.com/5uneq>

    Technical Description:
    ----------------------
    * JPEG Vulnerability - CAN-2004-0200: A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, and any system that uses the affected programs or components could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    Revision History:
    -----------------
    * v1.0 - 9/14/2004: Bulletin published
    * v1.1 - 9/15/2004: Affected and Non-Affected Software Sections updated. Office XP Service Pack 2 is affected and this has been clarified. The .NET Framework 1.1 SDK and MS Works (all versions) are not affected and have been added to the Non Affected Software Section. FAQ's have also been updated to provide additional information about this issue.
    * v1.2 - 9/21/2004: Affected and Non-Affected Software Sections updated. Updated Security Update Information Sections for Office XP, Visio 2002, Project 2002, .NET Framework 1.0 and .NET Framework 1.1. FAQ's have also been updated to provide additional information about this issue.
    * v2.0 - 10/12/2004: Bulletin updated to advise on the availability of revised security updates for Office XP, Visio 2002, and Project 2002 customers that are using Windows XP Service Pack 2. Microsoft Knowledge Base Article 833987 documents the currently known issues that customers may experience when installing these security updates. The article also documents recommended solutions for these issues. Microsoft has also released the MS04-028 Enterprise Update Scanning Tool to help customers detect and deploy the required updates. For more information about the MS04-028 Enterprise Update Scanning Tool, see Microsoft Knowledge Base Article 886988. We have released an update for Windows 2000-based systems that have installed the Windows Journal Viewer. The bulletin has also been updated with a new FAQ that addresses questions regarding the Visio 2002 Viewer, Visio 2003 Viewer, and PowerPoint 2003 Viewer programs.

    This email is sent to NTBugtraq automagically as a service to my subscribers. (v4.01.1664.40858)

    Cheers,
    Russ - Senior Scientist - TruSecure Corporation/NTBugtraq Editor 

    --
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
--
  • Next message: CORE Security Technologies Advisories: "CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities"

    Relevant Pages

    • Neue SIcherheitsbulletins und Patches
      ... Critical MS06-057 Microsoft Windows Remote Code Execution ... Critical MS06-058 Microsoft Office Remote Code Execution ... Critical MS06-061 Microsoft Windows or Office Remote Code Execution ... Impact of Vulnerability: Information Disclosure ...
      (microsoft.public.de.german.visio)
    • >>> MICROSOFT UPDATES <<<__________________________________________
      ... Microsoft Office 2003 Update Download Installation ... Microsoft Windows 98 Se Updates ...
      (de.comp.security.misc)
    • Install a converter thats supplied with Word
      ... Install a converter that's supplied with Word ... Run the Microsoft Office Setup program. ... Double-click the Add/Remove Programs icon in the Microsoft Windows Control ... If you installed your Microsoft Office program as part of Office, ...
      (microsoft.public.word.conversions)
    • Re: JPEG vulnerability
      ... Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 ... Microsoft Office 2003 Service Pack 1 ... Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - Download ...
      (microsoft.public.windowsxp.general)
    • Re: MinorRev: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could
      ... They only give you the option of running "Microsoft GDI+ Detection Tool ... Impact of Vulnerability: Remote Code Execution ... Microsoft Office XP Service Pack 2 Microsoft Office XP Software: ... Visual Basic .NET Standard 2002 ...
      (NT-Bugtraq)