9951 : Microsoft Multiple Products GDIPlus.dll JPEG Processing Overflow
Printer | http://osvdb.org/9951 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
7	1047	over 7 years ago	over 2 years ago	13 times	90%

Timeline

Disclosure Date	Exploit Publish Date
2004-09-14	2004-09-21

Description

A local overflow exists in multiple Microsoft products which rely on gdiplus.dll for image processing. The gdiplus.dll fails to validate JPEG image files resulting in a buffer overflow. With a specially crafted image file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	FrontPage	2002
	FrontPage	2003
	Windows	XP
		XP SP1
		XP 64-Bit SP1
		XP 64-Bit 2003
		2003 Server x64
		2003 Server
	Internet Explorer	6 Service Pack 1
	Access	2002
	Access	2003
	Office	XP SP3
		XP SP2
		2003
	Word	2002
	Word	2003
	Excel	2002
	Excel	2003
	Outlook	2002
	Outlook	2003
	.NET Framework	1.1
	.NET Framework	1.0 Service Pack 2
	Publisher	2003
	PowerPoint	2002
	PowerPoint	2003
	InfoPath	2003
	OnePath	2003
	Project	2002
		2002 Service Pack 1
		2003
	Visio	2002 Service Pack 1
		2002 Service Pack 2
		2003
	Visual Studio .NET	2002
	Visual Studio .NET	2003
	Visual Basic .NET	2002
	Visual Basic .NET	2003
	Visual C# .NET	2002
	Visual C# .NET	2003
	Visual C++ .NET	2002
	Visual C++ .NET	2003
	.NET Framework SDK	1.0 Service Pack 2
	Picture It!	2002
		7.0
		9
	Greetings	2002
	Digital Image Pro	7.0
	Digital Image Pro	9
	Digital Image Suite	9
	Producer for Microsoft Office PowerPoint	All Versions
	Platform SDK Redistributable: GDI+	All Versions

Business Objects

Crystal Enterprise

Website Pros

NetObjects Fusion

8.00.0000.5009

TiVo

TiVo Desktop for Windows

1.2

References

Security Tracker: 1011253
Bugtraq ID: 11173
Secunia Advisory ID: 12528 12671 12702 12772 12990
ISS X-Force ID: 16304
CVE ID: 2004-0200 (see also: NVD)
CERT VU: 297462
Milw0rm: 472 474 475 478 480 556
Exploit Database: 472 474 475 478 480 556
Microsoft Knowledge Base Article: 833987
Vendor Specific Advisory URL: http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?dlc=en&lc=en&os=228%20&product=90764&lang=en&cc=us&softwareitem=oj-37641-1
http://www.hitachi-support.com/security_e/vuls_e/HS05-013_e/index-e.html
http://www.netiq.com/kb/esupport/consumer/solution.asp?id=GUIDa65cb982%5Fa7ef%5F419c%5Fb030%5F124958c284f5&resource=&nShowFacts=&nShowCause=&nShowChange=&nShowAddInfo=&number=1&searchtype=normal&searchclass=&bnewsession=
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=109524346729948&w=2
Packet Storm: http://packetstormsecurity.org/0409-exploits/JpgDownloader.c
http://packetstormsecurity.org/0409-exploits/ms04-028-cmd.c
http://packetstormsecurity.org/0409-exploits/ms04-028.sh
Other Advisory URL: http://support.businessobjects.com/library/kbase/articles/c2016358.asp
http://www.netobjects.com/support/html/produpnfnof8.html
Microsoft Security Bulletin: MS04-028
CIAC Advisory: o-213

Tools & Filters

	14724 14818 14834
Snort	2705 2707

Credit

Nick DeBaggis - ndebaggisverizon.net -

CVSSv2 Score

CVSSv2 Base Score = 9.3
Source: nvd.nist.gov | Generated: 2003-12-31 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Timeline

Description

Classification

Solution

Products

Microsoft Corporation

FrontPage

Windows

Internet Explorer

Access

Office

Word

Excel

Outlook

.NET Framework

Publisher

PowerPoint

InfoPath

OnePath

Project

Visio

Visual Studio .NET

Visual Basic .NET

Visual C# .NET

Visual C++ .NET

.NET Framework SDK

Picture It!

Greetings

Digital Image Pro

Digital Image Suite

Producer for Microsoft Office PowerPoint

Platform SDK Redistributable: GDI+