Seebug (Root), SSV:4021
Published: Sep 11, 2008

Microsoft GDI+ BMP Integer Overflow Vulnerability (MS08-052)

www.seebug.org

EPSS: 0.759 (High), percentile 97.9%

BUGTRAQ ID: 31022
CVE ID: CVE-2008-3015
CNCVE ID: CNCVE-20083015

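Microsoft Windows is an operating system developed by Microsoft.
The Microsoft Windows GDI+ subsystem mishandles specially crafted BMP files. A remote attacker can exploit the flaw to corrupt memory, which can lead to arbitrary code execution with the privileges of the logged-on user's process.
Supplying a malformed BitMapInfoHeader can cause an incorrect integer calculation, which later results in memory corruption. The vulnerability can be triggered by constructing a special BMP file and enticing a user to open it.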
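
The page does not say which calculation in GDI+ goes wrong. The following added example (not GDI+ code and not from the original advisory) illustrates the general class: a 32-bit row-size computation that wraps for a hostile width, next to a validator that bounds the BITMAPINFOHEADER fields before multiplying. The function names and the BMP_MAX_DIM limit are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BMP_MAX_DIM 32768u /* assumed policy limit for this example, not a GDI+ value */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The failure mode: 32-bit row-size arithmetic silently wraps for a huge width. */
uint32_t stride32_unchecked(uint32_t width, uint32_t bpp) {
    return ((width * bpp + 31) / 32) * 4;
}

/* Returns 0 with the pixel-data size in *out, or -1 for an implausible or oversized header. */
int bmp_pixel_bytes(const uint8_t *hdr, size_t len, uint64_t avail, uint64_t *out) {
    if (len < 40 || rd32(hdr) < 40) return -1;              /* biSize */
    int64_t w = (int32_t)rd32(hdr + 4);                      /* biWidth */
    int64_t h = (int32_t)rd32(hdr + 8);                      /* biHeight, negative = top-down */
    unsigned planes = hdr[12] | hdr[13] << 8, bpp = hdr[14] | hdr[15] << 8;
    if (planes != 1) return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) return -1;
    if (h < 0) h = -h;                                       /* safe: h is 64-bit here */
    if (w <= 0 || h == 0 || w > BMP_MAX_DIM || h > BMP_MAX_DIM) return -1;
    /* Bounded operands in 64 bits: at most 32768 * 32 bits per row, so no wrap. */
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4;   /* rows are DWORD-aligned */
    uint64_t total = stride * (uint64_t)h;
    if (total > avail) return -1;                            /* header claims more than the file holds */
    *out = total;
    return 0;
}

/* Builds a constructed 40-byte header (planes = 1) and validates it; returns the size or -1. */
int64_t bmp_check_constructed(uint32_t width, uint32_t height, unsigned bpp, uint64_t avail) {
    uint8_t h[40] = {0}; uint64_t n = 0;
    wr32(h, 40); wr32(h + 4, width); wr32(h + 8, height);
    h[12] = 1; h[14] = (uint8_t)bpp; h[15] = (uint8_t)(bpp >> 8);
    return bmp_pixel_bytes(h, sizeof h, avail, &n) == 0 ? (int64_t)n : -1;
}

int main(void) {
    printf("wrapped 32-bit stride: %u\n", stride32_unchecked(0x40000001u, 32));
    printf("4x2 24-bpp image: %lld bytes\n", (long long)bmp_check_constructed(4, 2, 24, 1024));
    return 0;
}
```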

Microsoft Works 8.0
Microsoft Visual Studio 2003 Viewer
Microsoft Visio 2002 SP2
Microsoft SQL Server 2005 x64 Edition SP2
Microsoft SQL Server 2005 x64 Edition SP1
Microsoft SQL Server 2005 Itanium Edition SP2
Microsoft SQL Server 2005 Itanium Edition SP1
Microsoft SQL Server 2005 Itanium Edition 0
Microsoft SQL Server 2005 0
Microsoft SQL Server 2000

  • Microsoft Windows 2000 Professional SP2
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Windows 2000 Professional
  • Microsoft Windows NT 4.0 SP6a
  • Microsoft Windows NT 4.0 SP6
  • Microsoft Windows NT 4.0 SP5
  • Microsoft Windows NT 4.0
Microsoft Report Viewer 2008 0
Microsoft Report Viewer 2005 SP1
Microsoft Office 2007 SP1
Microsoft Office 2007 0
  • Microsoft Access 2007 0
  • Microsoft Excel 2003
  • Microsoft Excel 2007 0
  • Microsoft FrontPage 2003
  • Microsoft Groove 2007 0
  • Microsoft InfoPath 2003
  • Microsoft InfoPath 2007 0
  • Microsoft Office Communicator 2007 0
  • Microsoft OneNote 2003 0
  • Microsoft Outlook 2003 0
  • Microsoft Outlook 2007 0
  • Microsoft PowerPoint 2003 0
  • Microsoft PowerPoint 2007 0
  • Microsoft Project Professional 2007 0
  • Microsoft Project Standard 2007 0
  • Microsoft Publisher 2003
  • Microsoft Publisher 2007 0
  • Microsoft SharePoint Designer 2007 0
  • Microsoft Visio Professional 2007 0
  • Microsoft Visio Standard 2007 0
Microsoft Office 2003 SP3
Microsoft Office 2003 SP2
Microsoft Office 2003 SP1
Microsoft Office 2003 0
  • Microsoft Excel 2003
  • Microsoft FrontPage 2003
  • Microsoft InfoPath 2003
  • Microsoft OneNote 2003 0
  • Microsoft Outlook 2003 0
  • Microsoft PowerPoint 2003 0
  • Microsoft Publisher 2003
Microsoft Forefront Client Security 1.0
Microsoft Digital Image Suite 2006

The following temporary workarounds are available:
- Restrict access to gdiplus.dll
1. Run the following commands from an administrator command prompt:
for /F "tokens=*" %G IN ('dir /b /s %windir%\Microsoft.NET\Framework\gdiplus.dll') DO cacls %G /E /P everyone:N
for /F "tokens=*" %G IN ('dir /b /s %windir%\winsxs\gdiplus.dll') DO cacls %G /E /P everyone:N
for /F "tokens=*" %G IN ('dir /b /s ^"%windir%\Downloaded Program Files\gdiplus.dll^"') DO cacls "%G" /E /P everyone:N
for /F "tokens=*" %G IN ('dir /b /s ^"%programfiles%\microsoft office\gdiplus.dll^"') DO cacls "%G" /E /P everyone:N
for /F "tokens=*" %G IN ('dir /b /s ^"%programfiles^(x86^)%\microsoft office\gdiplus.dll^"') DO cacls "%G" /E /P everyone:N
cacls "%programfiles%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /P everyone:N
cacls "%programfiles%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /P everyone:N
cacls "%programfiles%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /P everyone:N
cacls "%programfiles%\Microsoft Digital Image 2006\gdiplus.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Microsoft Digital Image 2006\gdiplus.dll" /E /P everyone:N
cacls "%programfiles%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /P everyone:N
cacls "%programfiles%\Microsoft Works\gdiplus.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Microsoft Works\gdiplus.dll" /E /P everyone:N
cacls "%programfiles%\Common Files\Microsoft Shared\VGX\vgx.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VGX\vgx.dll" /E /P everyone:N
2. Restart the system.

How to undo the workaround above:
1. Run the following commands from an administrator command prompt:
for /F "tokens=*" %G IN ('dir /b /s %windir%\Microsoft.NET\Framework\gdiplus.dll') DO cacls %G /E /R everyone
for /F "tokens=*" %G IN ('dir /b /s %windir%\winsxs\gdiplus.dll') DO cacls %G /E /R everyone
for /F "tokens=*" %G IN ('dir /b /s ^"%windir%\Downloaded Program Files\gdiplus.dll^"') DO cacls "%G" /E /R everyone
for /F "tokens=*" %G IN ('dir /b /s ^"%programfiles%\microsoft office\gdiplus.dll^"') DO cacls "%G" /E /R everyone
for /F "tokens=*" %G IN ('dir /b /s ^"%programfiles^(x86^)%\microsoft office\gdiplus.dll^"') DO cacls "%G" /E /R everyone
cacls "%programfiles%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /R everyone
cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /R everyone
cacls "%programfiles%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /R everyone
cacls "%programfiles(x86)%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /R everyone
cacls "%programfiles%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /R everyone
cacls "%programfiles(x86)%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /R everyone
cacls "%programfiles%\Microsoft Digital Image 2006\gdiplus.dll" /E /R everyone
cacls "%programfiles(x86)%\Microsoft Digital Image 2006\gdiplus.dll" /E /R everyone
cacls "%programfiles%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /R everyone
cacls "%programfiles(x86)%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /R everyone
cacls "%programfiles%\Microsoft Works\gdiplus.dll" /E /R everyone
cacls "%programfiles(x86)%\Microsoft Works\gdiplus.dll" /E /R everyone
cacls "%programfiles%\Common Files\Microsoft Shared\VGX\vgx.dll" /E /R everyone
cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VGX\vgx.dll" /E /R everyone
2. Restart the system.

- Edit the registry to prevent RSClientPrint from running in Internet Explorer:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA91DF8D-53AB-455D-AB20-F2F023E498D3}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{FA91DF8D-53AB-455D-AB20-F2F023E498D3}]
"Compatibility Flags"=dword:00000400

Paste the content above into Notepad, save it with a .reg file extension, and double-click the file.

See the following patches:

Microsoft Digital Image Suite 2006
Microsoft Vulnerabilities in Digital Image 2006 using GDI+ Could Allow Remote Code Execution (KB955992)
http://www.microsoft.com/downloads/details.aspx?familyid=04afd760-8173-4069-9e82-d3bf053d9eae&displaylang=en

Microsoft SQL Server 2005 Itanium Edition SP2
Microsoft Security Update for SQL Server 2005 QFE Service Pack 2 (KB954607)
http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323-4ADB-9721-61E1C0CFD213&displaylang=en
Microsoft Security Update for SQL Server 2005 Service Pack 2 (KB954606)
http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468-4ADB-B945-2ED0458B8F47&displaylang=en

Microsoft Report Viewer 2005 SP1
Microsoft Report Viewer Redistributable 2005 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=82833F27-081D-4B72-83EF-2836360A904D&displaylang=en

Microsoft Report Viewer 2008 0
Microsoft Report Viewer Redistributable 2008
http://www.microsoft.com/downloads/details.aspx?familyid=6AE0AA19-3E6C-474C-9D57-05B2347456B1&displaylang=en

Microsoft SQL Server 2005 x64 Edition SP2
Microsoft Security Update for SQL Server 2005 QFE Service Pack 2 (KB954607)
http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323-4ADB-9721-61E1C0CFD213&displaylang=en
Microsoft Security Update for SQL Server 2005 Service Pack 2 (KB954606)
http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468-4ADB-B945-2ED0458B8F47&displaylang=en

Microsoft Office 2003 SP3
Microsoft Security Update for Office 2003 (KB954478)
http://www.microsoft.com/downloads/details.aspx?familyid=e9f8e309-d721-4bab-b485-5eede8d49eb8&displaylang=en

Microsoft Visio 2002 SP2
Microsoft Security Update for Visio 2002 (KB954479)
http://www.microsoft.com/downloads/details.aspx?familyid=a6d9d3ef-f087-4f61-9ec1-522b7d4b9c48&displaylang=en

Microsoft Forefront Client Security 1.0
Microsoft Forefront Security v 1.0 MS08-052 (KB 957177)
http://www.microsoft.com/downloads/details.aspx?familyid=1EB1A79F-44CA-499E-90BB-AC51894E9D1E&displaylang=en