Microsoft Windows JPEG Component Buffer Overflow



Affected systems

This vulnerability affects the following Microsoft Windows operating
systems by default:

  • Microsoft Windows XP and Microsoft Windows XP Service Pack 1
  • Microsoft Windows XP 64-bit Edition Service Pack 1
  • Microsoft Windows XP 64-bit Edition version 2003
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 64-bit edition

Other Microsoft Windows operating systems, including systems running
Microsoft Windows XP Service Pack 2, are not affected by default. However,
this vulnerability can affect all versions of the Microsoft Windows
operating systems if an application or update installs a vulnerable
version of the gdiplus.dll file on the system.

Please note that this vulnerability affects any software that uses the
Microsoft Windows operating system or the Microsoft GDI+ library to render
JPEG graphics. Please see the Affected systems section of the
vulnerability note to determine whether third-party software is affected.
A list of affected Microsoft products is available in Appendix B. For the
complete list of affected and non-affected Microsoft products, please see
Microsoft Security Bulletin MS04-028.

Overview

Microsoft's Graphic Device Interface Plus (GDI+) contains a
vulnerability in the processing of JPEG images. This vulnerability can
allow attackers to remotely execute arbitrary code on the affected
system. Exploitation can occur as a result of visiting a malicious web
site, reading an email message rendered in HTML format, or opening a
crafted JPEG image in any vulnerable application. The privileges gained
by a remote attacker depend on the software component being attacked.

Description

Microsoft Security Bulletin MS04-028 describes a remotely exploitable
buffer overflow vulnerability in the JPEG processing of Microsoft's
Graphic Device Interface Plus (GDI+) component. Attackers can exploit this
vulnerability by convincing a victim user to visit a malicious web site,
read an HTML-formatted email message, or otherwise view a crafted JPEG
image with a vulnerable application. No user intervention is required
beyond viewing an attacker-supplied JPEG image.

All applications (Microsoft or third-party) that use the GDI+ library
to render JPEG images may present additional attack vectors for this
vulnerability. While some applications use the Windows operating system
version of the GDI+ library, other applications can install and use
another version, which may also be vulnerable. Microsoft has created a
GDI+ detection tool to help detect products that may contain a vulnerable
version of the JPEG parsing component. Microsoft Knowledge Base
Article 873374 provides instructions on how to download and use this
tool.

In addition to running the Microsoft detection utility, we recommend
searching your system for "gdiplus.dll" to help you determine which
third-party applications may be affected by this vulnerability. Also note
that an application can reinstall a vulnerable version of the GDI+
library if the application is reinstalled after a patch has been applied.
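
The search recommended above can be scripted. The following is an added
example, not part of the original advisory or of Microsoft's detection
tool: it walks a directory tree (a live drive or a mounted disk image),
finds every copy of gdiplus.dll and reads its file version from the
VS_FIXEDFILEINFO structure. The function names and the fixed_version
parameter are assumptions; take the patched version for each product from
MS04-028 or from the vendor.

```python
import os
import struct

# VS_FIXEDFILEINFO starts with dwSignature 0xFEEF04BD (little-endian on disk).
VS_FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)

def file_version(data):
    """Return (major, minor, build, revision) from the first plausible
    VS_FIXEDFILEINFO in data, or None if no version resource is found."""
    pos = data.find(VS_FFI_SIGNATURE)
    while pos != -1:
        if pos + 16 <= len(data):
            # Layout: dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS
            struc_ver, ms, ls = struct.unpack_from("<III", data, pos + 4)
            if struc_ver == 0x00010000:  # rejects chance matches of the signature
                return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        pos = data.find(VS_FFI_SIGNATURE, pos + 1)
    return None

def find_gdiplus(root):
    """Return [(path, version-or-None)] for every gdiplus.dll under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() == "gdiplus.dll":  # Windows names are case-insensitive
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        hits.append((path, file_version(fh.read())))
                except OSError:
                    hits.append((path, None))  # unreadable: still report the copy
    return sorted(hits, key=lambda hit: hit[0])

def needs_review(hits, fixed_version):
    """Copies older than fixed_version (caller-supplied, from the bulletin)
    or whose version could not be read."""
    return [(p, v) for p, v in hits if v is None or v < fixed_version]

if __name__ == "__main__":
    import sys
    for path, ver in find_gdiplus(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, ".".join(map(str, ver)) if ver else "no version resource")
```

Run it again after installing or reinstalling applications, since a
private copy of the library can reappear after a patch has been applied.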

We are tracking this vulnerability as Vulnerability Note VU#297462. This
reference number corresponds to the CVE candidate CAN-2004-0200.

Impact

Remote attackers exploiting the vulnerability described above could
execute arbitrary code with the privileges of the user running the
software component being attacked.

Solution

Apply Microsoft patches

Apply the appropriate patches as specified in Microsoft Security
Bulletin MS04-028.
Please note that this bulletin provides several updates for the operating
system and for various applications that rely on GDI+ to render JPEG images.
Depending on your system configuration, you may need to install multiple
patches.

In addition to publishing some patches on Windows Update, Microsoft
released some patches on Desktop Update, and patches for developer tools
are available from MS04-028.

Apply patches from third-party vendors

Third-party software that relies on GDI+ to render JPEG images may
also need to be updated. Apply the appropriate patches specified by
your vendor. Please consult your vendor's website and the Affected systems
section of the vulnerability note for more information. Depending on your
system configuration, you may need to install multiple patches.

Follow Microsoft’s recommendations for workarounds

Microsoft offers several workarounds for this vulnerability.
Note that these workarounds do not remove the vulnerability from the
system, and they will limit functionality. Please see the "Workarounds
for JPEG Vulnerability - CAN-2004-0200" section of Microsoft Security
Bulletin MS04-028.

Appendix A. References

Appendix B. Affected Microsoft Products

The following Microsoft products are affected:

  • Microsoft Office XP Service Pack 3
  • Microsoft Office XP Service Pack 2
  • Microsoft Office XP software:
    • Outlook 2002
    • Word 2002
    • Excel 2002
    • PowerPoint 2002
    • FrontPage 2002
    • Publisher 2002
  • Microsoft Office 2003
  • Microsoft Office 2003 software:
    • Outlook 2003
    • Word 2003
    • Excel 2003
    • PowerPoint 2003
    • FrontPage 2003
    • Publisher 2003
    • InfoPath 2003
    • OneNote 2003
  • Microsoft Project 2002 Service Pack 1 (all versions)
  • Microsoft Project 2003 (all versions)
  • Microsoft Visio 2002 Service Pack 2 (all versions)
  • Microsoft Visio 2003 (all versions)
  • Microsoft Visual Studio .NET 2002
  • Microsoft Visual Studio .NET 2002 software:
    • Visual Basic .NET 2002 Standard
    • Visual C# .NET 2002 Standard
    • Visual C++ .NET 2002 Standard
  • Microsoft Visual Studio .NET 2003
  • Microsoft Visual Studio .NET 2003 software:
    • Visual Basic .NET 2003 Standard
    • Visual C# .NET 2003 Standard
    • Visual C++ .NET 2003 Standard
    • Visual J# .NET 2003 Standard
  • The Microsoft .NET Framework SDK version 1.0 Service Pack 2
  • Microsoft Picture It! 2002 (all versions)
  • Microsoft Greetings 2002
  • Microsoft Picture It! version 7.0 (all versions)
  • Microsoft Digital Image Pro version 7.0
  • Microsoft Picture It! version 9 (all versions, including Picture It!
    Library)
  • Microsoft Digital Image Pro version 9
  • Microsoft Digital Image Suite version 9
  • Microsoft Producer for Microsoft Office PowerPoint (all versions)
  • Redistributable Microsoft Platform SDK: GDI+
  • Internet Explorer 6 Service Pack 1
  • The Microsoft .NET Framework version 1.0 Service Pack 2
  • The Microsoft .NET Framework version 1.1

Comments may be directed to the US-CERT Technical Staff.


Revision history