Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability

TITLE: Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability
CLASS: Design Error
CVE: CVE-2007-2237

REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 06 2007 12:00AM
UPDATE: Jun 08 2007 01:40AM
CREDIT: Dennis Rand from CSIS Security Group is credited with discovering this issue.
VULNERABLE:

Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Gold 0
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 0
NOT VULNERABLE:


Discussion

Microsoft Windows is prone to a remote denial-of-service vulnerability because the GDI+ image library fails to properly handle malformed ICO files.

An attacker may exploit this issue by enticing a victim into opening or viewing a malicious ICO file.

A successful attack causes a denial of service (a crash) in whichever application renders the file through the affected library; Windows Explorer and Windows Picture and Fax Viewer have been identified as affected.
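The advisory does not say which ICO field GDI+ mishandles, so the following is an added example and not code from the original report, from CSIS, or from Microsoft: a Python checker that parses the ICO container and the embedded BITMAPINFOHEADER and refuses the structural inconsistencies a crafted file typically relies on (payload outside the file, zero or odd bitmap height, dimensions that disagree with the directory entry, declared size too small for the pixel data). The sample files it builds inline are constructed for the example; the zero-height case is one representative malformation, not a reproduction of the reported file. The function and constant names are the example's own.

```python
import struct

# ICO container: ICONDIR (6 bytes) followed by `count` ICONDIRENTRY records
# (16 bytes each), then the image payloads they point at.
ICONDIR_FMT = "<HHH"            # idReserved, idType (1 = icon), idCount
ICONDIRENTRY_FMT = "<BBBBHHII"  # bWidth, bHeight, bColorCount, bReserved,
                                # wPlanes, wBitCount, dwBytesInRes, dwImageOffset
# Classic payload: BITMAPINFOHEADER, optional palette, XOR bitmap, AND mask.
BITMAPINFOHEADER_FMT = "<IiiHHIIiiII"
PNG_SIG = b"\x89PNG\r\n\x1a\n"  # Vista-style entries may carry a whole PNG instead


class IcoError(ValueError):
    """Raised for any structural inconsistency a renderer should refuse."""


def check_ico(data):
    """Validate an ICO file; return a list of per-image dicts or raise IcoError."""
    if len(data) < 6:
        raise IcoError("truncated ICONDIR")
    reserved, typ, count = struct.unpack_from(ICONDIR_FMT, data, 0)
    if reserved != 0 or typ != 1:
        raise IcoError("not an ICO: bad reserved/type fields")
    if count == 0:
        raise IcoError("ICONDIR declares no images")
    dir_end = 6 + 16 * count
    if dir_end > len(data):
        raise IcoError("directory runs past end of file")

    images = []
    for i in range(count):
        w, h, _colors, _res, _planes, bpp, size, offset = struct.unpack_from(
            ICONDIRENTRY_FMT, data, 6 + 16 * i)
        # Bounds: the payload must start after the directory and end inside the file.
        if size == 0 or offset < dir_end or offset + size > len(data):
            raise IcoError("entry %d: image data out of bounds" % i)
        dir_w, dir_h = (w or 256), (h or 256)  # 0 in the directory means 256

        if data[offset:offset + 8] == PNG_SIG:
            images.append({"index": i, "kind": "png", "width": dir_w, "height": dir_h})
            continue

        if size < 40:
            raise IcoError("entry %d: payload too small for BITMAPINFOHEADER" % i)
        (bi_size, bi_w, bi_h, _bi_planes, bi_bpp, bi_comp, _img_size,
         _xppm, _yppm, bi_clr_used, _clr_imp) = struct.unpack_from(
            BITMAPINFOHEADER_FMT, data, offset)
        if bi_size != 40:
            raise IcoError("entry %d: unexpected biSize %d" % (i, bi_size))
        if bi_comp != 0:
            raise IcoError("entry %d: compressed DIB not allowed in ICO" % i)
        # Zero or negative dimensions are a classic way to push a renderer into
        # a divide-by-zero or an empty allocation; refuse them outright.
        if bi_w <= 0 or bi_h <= 0 or bi_h % 2 != 0:
            raise IcoError("entry %d: invalid bitmap dimensions %dx%d" % (i, bi_w, bi_h))
        # biHeight covers the stacked XOR and AND images: twice the icon height.
        if bi_w != dir_w or bi_h // 2 != dir_h:
            raise IcoError("entry %d: directory says %dx%d, bitmap header says %dx%d"
                           % (i, dir_w, dir_h, bi_w, bi_h // 2))
        if bi_bpp not in (1, 4, 8, 16, 24, 32):
            raise IcoError("entry %d: unsupported bit depth %d" % (i, bi_bpp))
        # Rows are padded to 4-byte boundaries; the AND mask is always 1 bpp.
        row_xor = ((bi_w * bi_bpp + 31) // 32) * 4
        row_and = ((bi_w + 31) // 32) * 4
        palette = 4 * (bi_clr_used or (1 << bi_bpp)) if bi_bpp <= 8 else 0
        need = 40 + palette + (row_xor + row_and) * (bi_h // 2)
        if need > size:
            raise IcoError("entry %d: declares %d bytes but pixel data needs %d"
                           % (i, size, need))
        images.append({"index": i, "kind": "dib", "width": bi_w,
                       "height": bi_h // 2, "bpp": bi_bpp})
    return images


def build_ico(width, height, bpp=32, bi_height=None):
    """Constructed sample (not a real-world file): one uncompressed icon.
    bi_height overrides the BITMAPINFOHEADER height to fabricate a malformed file."""
    row_xor = ((width * bpp + 31) // 32) * 4
    row_and = ((width + 31) // 32) * 4
    palette = b"\x00" * (4 * (1 << bpp)) if bpp <= 8 else b""
    pixels = b"\x00" * (row_xor * height) + b"\xff" * (row_and * height)
    bih = struct.pack(BITMAPINFOHEADER_FMT, 40, width,
                      height * 2 if bi_height is None else bi_height,
                      1, bpp, 0, len(pixels), 0, 0, 0, 0)
    image = bih + palette + pixels
    entry = struct.pack(ICONDIRENTRY_FMT, width % 256, height % 256, 0, 0,
                        1, bpp, len(image), 6 + 16)
    return struct.pack(ICONDIR_FMT, 0, 1, 1) + entry + image


GOOD_ICO = build_ico(16, 16)                      # well-formed 16x16, 32 bpp
ZERO_HEIGHT_ICO = build_ico(16, 16, bi_height=0)  # biHeight forced to 0
TRUNCATED_ICO = GOOD_ICO[:-10]                    # payload cut short


def classify(data):
    """Triage helper: 'ok' or 'reject: <reason>'."""
    try:
        check_ico(data)
        return "ok"
    except IcoError as exc:
        return "reject: %s" % exc


if __name__ == "__main__":
    for name, blob in (("good", GOOD_ICO), ("zero-height", ZERO_HEIGHT_ICO),
                       ("truncated", TRUNCATED_ICO)):
        print(name, "->", classify(blob))
```

Run it over a quarantine directory or a mail gateway's attachment stream to flag ICO files worth a closer look before a user's Explorer window renders them; a file rejected here should never reach the native decoder. The checker deliberately validates every length against the file size before trusting any header value, which is the property the affected library lacked.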

Exploit

Attackers may exploit this issue by crafting and distributing a malicious ICO file.

The following exploit is available:

Solution

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
