Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [VulnWatch] NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability



> -----Original Message-----
> From: NSFOCUS Security Team [mailto:security@xxxxxxxxxxx] 
> Sent: Wednesday, July 12, 2006 11:43 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxx; vulnwatch@xxxxxxxxxxxxx
> Subject: [VulnWatch] NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability
> 
> NSFOCUS Security Advisory (SA2006-04)
> 
> Microsoft Office GIF Filter Buffer Overflow Vulnerability
> 
> Release Date: 2006-07-12
> 
> CVE ID: CVE-2006-0007
> 
> http://www.nsfocus.com/english/homepage/research/0604.htm
> 
> Affected systems & software
> ===================
> Microsoft Office 2000
> Microsoft Office XP
> Microsoft Office 2003
> 
> Unaffected systems & software
> ===================
> 
> 
> Summary
> =========
> 
> NSFocus Security Team discovered a buffer overflow vulnerability in
> Microsoft Office GIF filter, which could allow attackers to run arbitrary
> code via a carefully crafted GIF image.
> 
> Description
> ============
> 
> GIFIMP32.FLT is a GIF image filter shipped with Microsoft Office, which is
> installed by default in
> %CommonProgramFiles%\Microsoft Shared\Grphflt\GIFIMP32.FLT.
> 
> GIFIMP32.FLT contains a buffer overflow vulnerability in the handling of
> some malformed GIF images, which allows attackers to run arbitrary code.
> Any application that calls GIFIMP32.FLT is affected by this vulnerability.
> For example, mspaint.exe will call the filter automatically when opening
> files in .gif format, if Microsoft Office is installed. Attackers could
> gain control over a system by luring users to open a malicious GIF image.
> 
> Workaround
> =============
> 
> 1. Do not open any GIF image from untrusted sources. 
> 2. Temporarily remove GIFIMP32.FLT. 
>     
> Vendor Status
> ==============
> 
> 2005.05.27  Informed the vendor
> 2005.06.02  Vendor confirmed the vulnerability
> 2006.07.11  Microsoft has released a security bulletin (MS06-039) and
>             related patches.
>             
> For more details about the security bulletin, please refer to: 
> http://www.microsoft.com/technet/security/bulletin/MS06-039.mspx
> 
> Additional Information
> ========================
> 
> The Common Vulnerabilities and Exposures (CVE) project has assigned the
> name CVE-2006-0007 to this issue. This is a candidate for inclusion in the
> CVE list (http://cve.mitre.org), which standardizes names for security
> problems. Candidates may change significantly before they become official
> CVE entries.
> 
> Acknowledgment
> ===============
> 
> Yu Yang of NSFocus Security Team found the vulnerability.
> 
> DISCLAIMS
> ==========
> THE INFORMATION PROVIDED IS RELEASED BY NSFOCUS "AS IS" WITHOUT WARRANTY
> OF ANY KIND. NSFOCUS DISCLAIMS ALL WARRANTIES, EITHER EXPRESSED OR IMPLIED,
> EXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO EVENT SHALL NSFOCUS
> BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
> INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,
> EVEN IF NSFOCUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
> DISTRIBUTION OR REPRODUCTION OF THE INFORMATION IS PROVIDED THAT THE
> ADVISORY IS NOT MODIFIED IN ANY WAY.
> 
> Copyright 1999-2006 NSFOCUS. All Rights Reserved. Terms of use.
> 
> 
> NSFOCUS Security Team <security@xxxxxxxxxxx>
> NSFOCUS INFORMATION TECHNOLOGY CO.,LTD
> (http://www.nsfocus.com)
> 
> PGP Key: http://www.nsfocus.com/homepage/research/pgpkey.asc
> Key fingerprint = F8F2 F5D1 EF74 E08C 02FE 1B90 D7BF 7877 C6A6 F6DA
> 
> 
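
Added example (not part of the NSFOCUS advisory or the original post): a PowerShell script that inventories GIFIMP32.FLT at the path the advisory gives and, with -Disable, applies workaround 2 by renaming the file. The (x86) Common Files root, the ".disabled" suffix and the output field names are assumptions made for this example.

```powershell
# Added example (not from the advisory): inventory GIFIMP32.FLT and,
# with -Disable, rename it so applications can no longer load the filter.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Disable,                       # apply workaround 2 from the advisory
    [string]$ParkedSuffix = '.disabled'     # assumed suffix for the renamed file
)

$relative = 'Microsoft Shared\Grphflt\GIFIMP32.FLT'   # path given in the advisory

# %CommonProgramFiles% is the advisory's location; the (x86) root is an
# assumption added for 32-bit Office on 64-bit Windows.
$roots = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

foreach ($root in $roots) {
    $filter = Join-Path $root $relative
    if (-not (Test-Path -LiteralPath $filter -PathType Leaf)) {
        Write-Verbose "Filter not present: $filter"
        continue
    }

    # Read metadata before any rename; these properties are resolved from disk.
    $item      = Get-Item -LiteralPath $filter
    $version   = $item.VersionInfo.FileVersion
    $lastWrite = $item.LastWriteTimeUtc
    $parked    = $item.FullName + $ParkedSuffix
    $status    = 'Present'

    if ($Disable) {
        if (Test-Path -LiteralPath $parked) {
            Write-Warning "Not renaming, $parked already exists"
        }
        elseif ($PSCmdlet.ShouldProcess($item.FullName, 'Rename to disable GIF filter')) {
            Rename-Item -LiteralPath $item.FullName -NewName ($item.Name + $ParkedSuffix) -ErrorAction Stop
            $status = 'Disabled'
        }
    }

    # One record per copy found, suitable for collecting across hosts.
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Path        = $item.FullName
        FileVersion = $version
        LastWrite   = $lastWrite
        Status      = $status
    }
}
```

Running it with -Disable -WhatIf shows which files would be renamed without changing anything; renaming the file back restores the filter once the MS06-039 patches are installed.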




 




Copyright © Lexa Software, 1996-2009.