Microsoft Windows GDI Metafile SetPalette Entries Overflow

2005-11-08T00:09:02
ID OSVDB:20579
Type osvdb
Reporter Fang Xing (advisories@eeye.com)
Modified 2005-11-08T00:09:02

Description

Vulnerability Description

A remote overflow exists in Windows. The PlayMetaFileRecord function fails to validate "SetPaletteEntries"-type records, resulting in an integer overflow. With a specially crafted Windows MetaFile, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1015168
Secunia Advisory ID: 17461
Secunia Advisory ID: 17498
Other Advisory URL: http://www.eeye.com/html/research/advisories/AD20051108a.html
Microsoft Security Bulletin: MS05-053
Microsoft Knowledge Base Article: 896424
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0192.html
Keyword: EEYEB-20050901
Generic Informational URL: http://news.com.com/Image-handling+flaws+put+Windows+PCs+at+risk/2100-1002_3-5940047.html
CVE-2005-2123
CERT VU: 300549