|
|
>> Microsoft Windows Code Execution and Privilege Escalation Vulnerabilities (MS07-017)
|
Multiple vulnerabilities have been identified in Microsoft Windows, which could be exploited by remote or local attackers to take complete control of an affected system.
The first issue is due to an incorrect handling of memory reserved for the Windows kernel by the Windows Graphics Rendering Engine when processing WMF and EMF file types, which could be exploited by malicious users to execute arbitrary commands with elevated privileges. For additional information, see : VUPEN/ADV-2006-4358
The second vulnerability is due to a stack overflow error when handling malformed cursors, animated cursors and icons, which could be exploited by remote attackers to execute arbitrary. For additional information, see : VUPEN/ADV-2007-1151
The third issue is due to an error when processing data read from a malformed Windows Metafile (WMF) image, which could be exploited by attackers to cause a denial of service.
The fourth vulnerability is due to a buffer overflow error in GDI when rendering Enhanced Metafile (EMF) image format files, which could be exploited by malicious users to execute arbitrary commands with elevated privileges.
The fifth issue is due to an error in the graphics device interface (GDI) when processing application window sizes, which could be exploited by local attackers to obtain elevated privileges.
The sixth vulnerability is due to a buffer overflow error in the graphics device interface (GDI) when handling color-related parameters read from certain types of images, which could be exploited by malicious users to execute arbitrary commands with elevated privileges.
The seventh issue is due to an error in the TrueType Font Rasterizer that calls an uninitialized function pointer when processing defective or modified fonts, which could be exploited by malicious users to obtain elevated privileges.
Affected Products
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Vista
Microsoft Windows Vista x64 Edition
Solution
Apply patches :
http://www.microsoft.com/technet/security/bulletin/MS07-017.mspx
References
http://www.vupen.com/english/advisories/2007/1215
http://www.microsoft.com/technet/security/bulletin/MS07-017.mspx
Credits
Vulnerabilities reported by Alexander Sotirov (Determina Security Research), iDefense, Shaun Colley (NGS Software), Thomas Phinney (Adobe Systems) and Sergey Svinolobov.
ChangeLog
2007-04-03 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
