----------------------------------------------------------------------

We have updated our website, enjoy!
http://secunia.com/

----------------------------------------------------------------------

TITLE:
Microsoft Products GDI+ Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA31675

VERIFY ADVISORY:
http://secunia.com/advisories/31675/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows Vista
http://secunia.com/product/13223/
Microsoft Windows Storage Server 2003
http://secunia.com/product/12399/
Microsoft Windows Server 2008
http://secunia.com/product/18255/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/

SOFTWARE:
SQL Server 2000 Reporting Services
http://secunia.com/product/19776/
Microsoft Works 8.x
http://secunia.com/product/7215/
Microsoft Visual Studio 2008
http://secunia.com/product/17277/
Microsoft Visual Studio 2005
http://secunia.com/product/6779/
Microsoft Visual Studio .NET 2003
http://secunia.com/product/1086/
Microsoft Visual Studio .NET 2002
http://secunia.com/product/1087/
Microsoft Visual FoxPro 9.x
http://secunia.com/product/15503/
Microsoft Visual FoxPro 8.x
http://secunia.com/product/412/
Microsoft Visio 2002
http://secunia.com/product/1091/
Microsoft SQL Server 2005 Express Edition
http://secunia.com/product/6479/
Microsoft SQL Server 2005 Compact Edition 3.x
http://secunia.com/product/15845/
Microsoft SQL Server 2005
http://secunia.com/product/6782/
Microsoft Report Viewer 2005
http://secunia.com/product/14769/
Microsoft Platform SDK Redistributable: GDI+
http://secunia.com/product/19777/
Microsoft Office XP
http://secunia.com/product/23/
Microsoft Office PowerPoint 2003 Viewer
http://secunia.com/product/4033/
Microsoft Office 2007
http://secunia.com/product/13228/
Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/product/2278/
Microsoft Office 2003 Standard Edition
http://secunia.com/product/2275/
Microsoft Office 2003 Small Business Edition
http://secunia.com/product/2277/
Microsoft Office 2003 Professional Edition
http://secunia.com/product/2276/
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
Microsoft Forefront Client Security 1.x
http://secunia.com/product/17290/
Microsoft Digital Image 2006 11.x
http://secunia.com/product/7791/
Microsoft .NET Framework 2.x
http://secunia.com/product/6456/
Microsoft .NET Framework 1.x
http://secunia.com/product/667/
Microsoft Report Viewer 2008
http://secunia.com/product/19778/

DESCRIPTION:
Multiple vulnerabilities have been reported in various Microsoft
products, which can be exploited by malicious people to compromise a
vulnerable system.

1) An error in the way GDI+ handles gradient sizes can be exploited
to cause a heap-based buffer overflow via a specially crafted file.

2) An error in the way GDI+ processes EMF files can be exploited to
cause memory corruption via a specially crafted EMF image file.

3) An error in the way GDI+ parses records in GIF images can be
exploited via a specially crafted GIF image file.

4) An error in the way GDI+ parses WMF files can be exploited to
cause a buffer overflow via a specially crafted WMF image file.

5) An integer overflow in GDI+ when parsing BMP file headers can be
exploited to cause a buffer overflow via a specially crafted BMP
image file.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

SOLUTION:
Apply patches.

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e-4961-9a79-49ec77d39439

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49-4bbf-902c-bf92e527cadb

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4-46e1-9782-e811820e547f

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=93f1451b-5b62-47e5-8f0c-b720b957999a

Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4-40d7-8cfc-73ae6bd6dfad

Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77-4c32-93df-3b650b2b32a5

Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9-4586-8876-f1f4f255f54d

Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=23bd3be5-cc66-46f8-9420-49d65d8afe1d

Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=7f1e0f05-6c9d-4ad1-9b19-50ee4fa7bd7e

Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=5159bdba-3825-4816-a2be-ab035332b9e2

Internet Explorer 6 SP1 (Windows 2000 SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=a860d2d9-653d-4ddb-bbff-323d3ccdb866

Microsoft .NET Framework 1.0 SP3 (Windows 2000 SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C7CBCD19-ACC1-4A89-ADFA-99B2F431510D

Microsoft .NET Framework 1.1 SP1 (Windows 2000 SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=6013F866-3EA1-4672-B1BF-E516204C3A7A

Microsoft .NET Framework 2.0 (Windows 2000 SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=7F1CD013-2C4B-4582-9114-CB840A96124A

Microsoft .NET Framework 2.0 SP1 (Windows 2000 SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=215B73A3-46AB-44A8-A0FB-6D37BD1C39B8

Microsoft Office XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17-4500-9da4-a3bba97fda6d

Microsoft Office 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=e9f8e309-d721-4bab-b485-5eede8d49eb8

Microsoft Office 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=e9f8e309-d721-4bab-b485-5eede8d49eb8

2007 Microsoft Office System:
http://www.microsoft.com/downloads/details.aspx?familyid=4b656fe8-6253-490c-a81a-e4e8f0bb58d2

2007 Microsoft Office System SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=4b656fe8-6253-490c-a81a-e4e8f0bb58d2

Microsoft Visio 2002 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=a6d9d3ef-f087-4f61-9ec1-522b7d4b9c48

Microsoft Office PowerPoint Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?familyid=cd503f08-1831-45ff-bdf4-dd918ca40505

Microsoft Works 8:
http://www.microsoft.com/downloads/details.aspx?familyid=EB0D224E-A517-40D9-9FC6-2345FA12A841

Microsoft Digital Image Suite 2006:
http://www.microsoft.com/downloads/details.aspx?familyid=04afd760-8173-4069-9e82-d3bf053d9eae

SQL Server 2000 Reporting Services SP2 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=5F9E7F78-7439-414B-A9DC-A779B89427DB

SQL Server 2005 SP2 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468-4ADB-B945-2ED0458B8F47

SQL Server 2005 SP2 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323-4ADB-9721-61E1C0CFD213

SQL Server 2005 x64 Edition SP2 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468-4ADB-B945-2ED0458B8F47

SQL Server 2005 x64 Edition SP2 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323-4ADB-9721-61E1C0CFD213

SQL Server 2005 for Itanium-based Systems SP2 (GDR):
http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468-4ADB-B945-2ED0458B8F47

SQL Server 2005 for Itanium-based Systems SP2 (QFE):
http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323-4ADB-9721-61E1C0CFD213

Microsoft Visual Studio .NET 2002 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=7848A652-4025-44BB-9C98-37A078B56D01

Microsoft Visual Studio .NET 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=9BC1E8F8-6C30-4AA0-90F5-FBB0AD5FD90E

Microsoft Visual Studio 2005 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=A7BF790B-3249-4EE8-9440-FA911EBBC08A

Microsoft Visual Studio 2008:
http://www.microsoft.com/downloads/details.aspx?familyid=A8C80B29-6D00-4949-A005-5D706122919A

Microsoft Report Viewer 2005 SP1 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=82833F27-081D-4B72-83EF-2836360A904D

Microsoft Report Viewer 2008 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=6AE0AA19-3E6C-474C-9D57-05B2347456B1

Microsoft Visual FoxPro 8.0 SP1 (Windows 2000 SP4):
http://www.microsoft.com/downloads/details.aspx?familyid=1F4371B9-B8BE-4455-94D2-2304EE340543

Microsoft Visual FoxPro 9.0 SP1 (Windows 2000 SP4):
http://www.microsoft.com/downloads/details.aspx?familyid=49B21E30-722D-446E-9020-ACEB3870DB69

Microsoft Visual FoxPro 9.0 SP2 (Windows 2000 SP4):
http://www.microsoft.com/downloads/details.aspx?familyid=36957F47-9D8B-477D-BD60-5959E5A2EAFA

Microsoft Platform SDK Redistributable: GDI+:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A

Microsoft Forefront Client Security 1.0 (Windows 2000 SP4):
http://www.microsoft.com/downloads/details.aspx?familyid=1EB1A79F-44CA-499E-90BB-AC51894E9D1E

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Greg MacManus, iDefense Labs.
2) The vendor credits Bing Liu, Fortinet.
3) The vendor credits Ivan Fratric via ZDI and Peter Winter-Smith,
NGSSoftware.
4) The vendor credits Assurent Secure Technologies.
5) The vendor credits an anonymous person via ZDI.

ORIGINAL ADVISORY:
MS08-052 (KB954593):
http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------