Microsoft GDI+ BMP Integer Overflow Vulnerability (MS08-052)

2008-09-11T00:00:00
ID SSV:4021
Type seebug
Reporter Root
Modified 2008-09-11T00:00:00

Description

BUGTRAQ ID: 31022
CVE ID: CVE-2008-3015
CNCVE ID: CNCVE-20083015

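Microsoft Windows is an operating system developed by Microsoft. The Microsoft Windows GDI+ subsystem mishandles specially crafted BMP files. A remote attacker can exploit the flaw to corrupt memory, which can lead to arbitrary code execution with the privileges of the logged-on user's process. A malformed BitMapInfoHeader can cause an incorrect integer calculation that later results in memory corruption. The vulnerability can be triggered by building a special BMP file and enticing a user to open it.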
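The page does not say which header field GDI+ miscalculates, so the following is an added illustration of the bug class and its defensive check, not GDI+ or Microsoft code: sizing a pixel buffer from BITMAPINFOHEADER fields in 32-bit arithmetic wraps, while a validating parser rejects the same header. The 256 MiB cap, the function names and the sample headers are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#define BMP_MAX_PIXEL_BYTES (256u * 1024u * 1024u) /* assumed policy cap */

/* Little-endian 32-bit read from an untrusted buffer. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unsafe pattern: 32-bit arithmetic silently wraps on large fields. */
uint32_t naive_image_size(uint32_t width, uint32_t height, uint32_t bpp) {
    uint32_t stride = (width * bpp + 31u) / 32u * 4u;
    return stride * height;
}

/* Validate a 40-byte BITMAPINFOHEADER; 0 and *out on success, -1 if rejected. */
int checked_image_size(const uint8_t *hdr, size_t len, size_t *out) {
    if (hdr == NULL || out == NULL || len < 40 || rd32(hdr) < 40)
        return -1;
    int64_t width = (int32_t)rd32(hdr + 4);    /* biWidth */
    int64_t height = (int32_t)rd32(hdr + 8);   /* biHeight, negative = top-down */
    uint32_t planes = hdr[12] | (uint32_t)hdr[13] << 8;
    uint32_t bpp = hdr[14] | (uint32_t)hdr[15] << 8;
    if (height < 0) height = -height;          /* no overflow in 64 bits */
    if (width <= 0 || height == 0 || planes != 1)
        return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return -1;
    /* 64-bit math; capping stride first keeps stride * height below 2^59. */
    uint64_t stride = ((uint64_t)width * bpp + 31u) / 32u * 4u;
    if (stride > BMP_MAX_PIXEL_BYTES || stride * (uint64_t)height > BMP_MAX_PIXEL_BYTES)
        return -1;
    *out = (size_t)(stride * (uint64_t)height);
    return 0;
}

/* Build a constructed sample header; returns the checked size or -1. */
long long size_for(int32_t w, int32_t h, uint16_t bpp) {
    uint8_t hdr[40] = {40};                    /* biSize = 40, rest zero */
    size_t out = 0;
    for (int i = 0; i < 4; i++) {
        hdr[4 + i] = (uint8_t)((uint32_t)w >> (8 * i));
        hdr[8 + i] = (uint8_t)((uint32_t)h >> (8 * i));
    }
    hdr[12] = 1;                               /* biPlanes */
    hdr[14] = (uint8_t)bpp;                    /* biBitCount (low byte) */
    return checked_image_size(hdr, sizeof hdr, &out) == 0 ? (long long)out : -1;
}
```

A 65536 x 65536 image at 32 bits per pixel needs 2^34 bytes, which the 32-bit calculation reports as 0; the checked version refuses the header before any allocation or copy is sized from it.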

Microsoft Works 8.0
Microsoft Visual Studio 2003 Viewer
Microsoft Visio 2002 SP2
Microsoft SQL Server 2005 x64 Edition SP2
Microsoft SQL Server 2005 x64 Edition SP1
Microsoft SQL Server 2005 Itanium Edition SP2
Microsoft SQL Server 2005 Itanium Edition SP1
Microsoft SQL Server 2005 Itanium Edition 0
Microsoft SQL Server 2005 0
Microsoft SQL Server 2000
  - Microsoft Windows 2000 Professional SP2
  - Microsoft Windows 2000 Professional SP1
  - Microsoft Windows 2000 Professional
  - Microsoft Windows NT 4.0 SP6a
  - Microsoft Windows NT 4.0 SP6
  - Microsoft Windows NT 4.0 SP5
  - Microsoft Windows NT 4.0
Microsoft Report Viewer 2008 0
Microsoft Report Viewer 2005 SP1
Microsoft Office 2007 SP1
Microsoft Office 2007 0
  + Microsoft Access 2007 0
  + Microsoft Excel 2003
  + Microsoft Excel 2007 0
  + Microsoft FrontPage 2003
  + Microsoft Groove 2007 0
  + Microsoft InfoPath 2003
  + Microsoft InfoPath 2007 0
  + Microsoft Office Communicator 2007 0
  + Microsoft OneNote 2003 0
  + Microsoft Outlook 2003 0
  + Microsoft Outlook 2007 0
  + Microsoft PowerPoint 2003 0
  + Microsoft PowerPoint 2007 0
  + Microsoft Project Professional 2007 0
  + Microsoft Project Standard 2007 0
  + Microsoft Publisher 2003
  + Microsoft Publisher 2007 0
  + Microsoft SharePoint Designer 2007 0
  + Microsoft Visio Professional 2007 0
  + Microsoft Visio Standard 2007 0
Microsoft Office 2003 SP3
Microsoft Office 2003 SP2
Microsoft Office 2003 SP1
Microsoft Office 2003 0
  + Microsoft Excel 2003
  + Microsoft FrontPage 2003
  + Microsoft InfoPath 2003
  + Microsoft OneNote 2003 0
  + Microsoft Outlook 2003 0
  + Microsoft PowerPoint 2003 0
  + Microsoft Publisher 2003
Microsoft Forefront Client Security 1.0
Microsoft Digital Image Suite 2006

The following temporary workarounds are available:

- Restrict access to gdiplus.dll

1. Run the following commands from an administrator command prompt:

    for /F "tokens=*" %G IN ('dir /b /s %windir%\Microsoft.NET\Framework\gdiplus.dll') DO cacls %G /E /P everyone:N
    for /F "tokens=*" %G IN ('dir /b /s %windir%\winsxs\gdiplus.dll') DO cacls %G /E /P everyone:N
    for /F "tokens=*" %G IN ('dir /b /s ^"%windir%\Downloaded Program Files\gdiplus.dll^"') DO cacls "%G" /E /P everyone:N
    for /F "tokens=*" %G IN ('dir /b /s ^"%programfiles%\microsoft office\gdiplus.dll^"') DO cacls "%G" /E /P everyone:N
    for /F "tokens=*" %G IN ('dir /b /s ^"%programfiles^(x86^)%\microsoft office\gdiplus.dll^"') DO cacls "%G" /E /P everyone:N
    cacls "%programfiles%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /P everyone:N
    cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /P everyone:N
    cacls "%programfiles%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /P everyone:N
    cacls "%programfiles(x86)%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /P everyone:N
    cacls "%programfiles%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /P everyone:N
    cacls "%programfiles(x86)%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /P everyone:N
    cacls "%programfiles%\Microsoft Digital Image 2006\gdiplus.dll" /E /P everyone:N
    cacls "%programfiles(x86)%\Microsoft Digital Image 2006\gdiplus.dll" /E /P everyone:N
    cacls "%programfiles%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /P everyone:N
    cacls "%programfiles(x86)%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /P everyone:N
    cacls "%programfiles%\Microsoft Works\gdiplus.dll" /E /P everyone:N
    cacls "%programfiles(x86)%\Microsoft Works\gdiplus.dll" /E /P everyone:N
    cacls "%programfiles%\Common Files\Microsoft Shared\VGX\vgx.dll" /E /P everyone:N
    cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VGX\vgx.dll" /E /P everyone:N

2. Restart the system.

How to undo the workaround above:

1. Run the following commands from an administrator command prompt:

    for /F "tokens=*" %G IN ('dir /b /s %windir%\Microsoft.NET\Framework\gdiplus.dll') DO cacls %G /E /R everyone
    for /F "tokens=*" %G IN ('dir /b /s %windir%\winsxs\gdiplus.dll') DO cacls %G /E /R everyone
    for /F "tokens=*" %G IN ('dir /b /s ^"%windir%\Downloaded Program Files\gdiplus.dll^"') DO cacls "%G" /E /R everyone
    for /F "tokens=*" %G IN ('dir /b /s ^"%programfiles%\microsoft office\gdiplus.dll^"') DO cacls "%G" /E /R everyone
    for /F "tokens=*" %G IN ('dir /b /s ^"%programfiles^(x86^)%\microsoft office\gdiplus.dll^"') DO cacls "%G" /E /R everyone
    cacls "%programfiles%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /R everyone
    cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /R everyone
    cacls "%programfiles%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /R everyone
    cacls "%programfiles(x86)%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /R everyone
    cacls "%programfiles%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /R everyone
    cacls "%programfiles(x86)%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /R everyone
    cacls "%programfiles%\Microsoft Digital Image 2006\gdiplus.dll" /E /R everyone
    cacls "%programfiles(x86)%\Microsoft Digital Image 2006\gdiplus.dll" /E /R everyone
    cacls "%programfiles%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /R everyone
    cacls "%programfiles(x86)%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /R everyone
    cacls "%programfiles%\Microsoft Works\gdiplus.dll" /E /R everyone
    cacls "%programfiles(x86)%\Microsoft Works\gdiplus.dll" /E /R everyone
    cacls "%programfiles%\Common Files\Microsoft Shared\VGX\vgx.dll" /E /R everyone
    cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VGX\vgx.dll" /E /R everyone

2. Restart the system.

- Edit the registry to prevent RSClientPrint from running in Internet Explorer:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA91DF8D-53AB-455D-AB20-F2F023E498D3}]
    "Compatibility Flags"=dword:00000400

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{FA91DF8D-53AB-455D-AB20-F2F023E498D3}]
    "Compatibility Flags"=dword:00000400

Paste the content above into Notepad, save it with a .reg file extension, and double-click the file.

Refer to the following patches:

Microsoft Digital Image Suite 2006
  Microsoft Vulnerabilities in Digital Image 2006 using GDI+ Could Allow Remote Code Execution (KB955992)
  http://www.microsoft.com/downloads/details.aspx?familyid=04afd760-8173-4069-9e82-d3bf053d9eae&displaylang=en

Microsoft SQL Server 2005 Itanium Edition SP2
  Microsoft Security Update for SQL Server 2005 QFE Service Pack 2 (KB954607)
  http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323-4ADB-9721-61E1C0CFD213&displaylang=en
  Microsoft Security Update for SQL Server 2005 Service Pack 2 (KB954606)
  http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468-4ADB-B945-2ED0458B8F47&displaylang=en

Microsoft Report Viewer 2005 SP1
  Microsoft Microsoft Report Viewer Redistributable 2005 Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?familyid=82833F27-081D-4B72-83EF-2836360A904D&displaylang=en

Microsoft Report Viewer 2008 0
  Microsoft Microsoft Report Viewer Redistributable 2008
  http://www.microsoft.com/downloads/details.aspx?familyid=6AE0AA19-3E6C-474C-9D57-05B2347456B1&displaylang=en

Microsoft SQL Server 2005 x64 Edition SP2
  Microsoft Security Update for SQL Server 2005 QFE Service Pack 2 (KB954607)
  http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323-4ADB-9721-61E1C0CFD213&displaylang=en
  Microsoft Security Update for SQL Server 2005 Service Pack 2 (KB954606)
  http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468-4ADB-B945-2ED0458B8F47&displaylang=en

Microsoft Office 2003 SP3
  Microsoft Security Update for Office 2003 (KB954478)
  http://www.microsoft.com/downloads/details.aspx?familyid=e9f8e309-d721-4bab-b485-5eede8d49eb8&displaylang=en

Microsoft Visio 2002 SP2
  Microsoft Security Update for Visio 2002 (KB954479)
  http://www.microsoft.com/downloads/details.aspx?familyid=a6d9d3ef-f087-4f61-9ec1-522b7d4b9c48&displaylang=en

Microsoft Forefront Client Security 1.0
  Microsoft Microsoft Forefront Security v 1.0 MS08-052 (KB 957177)
  http://www.microsoft.com/downloads/details.aspx?familyid=1EB1A79F-44CA-499E-90BB-AC51894E9D1E&displaylang=en