A security vulnerability has been discovered in Microsoft Windows operating systems. The vulnerability results from an error in the "CreateSizedDIBSECTION()" function in the "shimgvw.dll" library. This allows a remote attacker to execute arbitrary code. Exploitation requires inducing a user to view a specially crafted web page or Office document. Since appropriate patches for this vulnerability are not yet available, all users are advised to restrict access to the "shimgvw.dll" library.
Secunia Advisory SA42779
Microsoft Windows Thumbnail Bitmap Parsing Buffer Overflow
Release Date 2011-01-05
Criticality level Extremely critical
Impact System access
Where From remote
Solution Status Vendor Workaround
Operating System
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
CVE Reference(s) CVE-2010-3970
Description
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a signedness error in the "CreateSizedDIBSECTION()" function within shimgvw.dll when parsing thumbnail bitmaps. This can be exploited to cause a stack-based buffer overflow via a specially crafted thumbnail image containing a negative "biClrUsed" value.
Successful exploitation allows execution of arbitrary code when a user e.g. views a malicious web page or Office document.
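The bug class described above, as an added example (not code from shimgvw.dll, Microsoft or Secunia): a signed, upper-bound-only test on "biClrUsed" next to a hardened check a bitmap parser can apply before copying a palette. The 256-entry destination buffer, the function names and the sample header are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BIH_SIZE    40   /* sizeof(BITMAPINFOHEADER) */
#define OFF_BITCNT  14   /* biBitCount, 16-bit little-endian */
#define OFF_CLRUSED 32   /* biClrUsed, 32-bit little-endian */
#define MAX_PALETTE 256  /* assumed size of the destination palette buffer */
#define SAMPLE_LEN  (BIH_SIZE + 4 * MAX_PALETTE)

static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed pattern: the count is read as signed and only an upper bound is
 * tested, so a negative value passes and later becomes a huge copy length. */
int count_ok_signed(const uint8_t *h) {
    int32_t n = (int32_t)rd32(h + OFF_CLRUSED);
    return n <= MAX_PALETTE;
}

/* Hardened check: unsigned count, bounded by bit depth, by the destination
 * buffer and by the bytes actually present. Returns entry count or -1. */
long count_checked(const uint8_t *h, size_t len) {
    if (len < BIH_SIZE || rd32(h) < BIH_SIZE) return -1;
    uint32_t bpp = h[OFF_BITCNT] | (uint32_t)h[OFF_BITCNT + 1] << 8;
    uint32_t n = rd32(h + OFF_CLRUSED);
    int indexed = bpp >= 1 && bpp <= 8;
    uint32_t max = indexed ? (1u << bpp) : MAX_PALETTE;
    if (n == 0 && indexed) n = max;           /* 0 means "full palette" */
    if (n > max) return -1;                   /* rejects 0x80000000 and up too */
    if ((len - BIH_SIZE) / 4 < n) return -1;  /* palette must fit in the input */
    return (long)n;
}

/* Constructed sample header in a static buffer; not taken from any real file. */
const uint8_t *sample(uint16_t bpp, uint32_t clr_used) {
    static uint8_t buf[SAMPLE_LEN];
    memset(buf, 0, sizeof buf);
    buf[0] = BIH_SIZE;
    buf[OFF_BITCNT] = (uint8_t)bpp;
    buf[OFF_BITCNT + 1] = (uint8_t)(bpp >> 8);
    for (int i = 0; i < 4; i++) buf[OFF_CLRUSED + i] = (uint8_t)(clr_used >> (8 * i));
    return buf;
}

int main(void) {
    const uint8_t *h = sample(8, 0xFFFFFFFFu);  /* biClrUsed = -1 when read as signed */
    printf("signed check accepts: %d, hardened check: %ld\n",
           count_ok_signed(h), count_checked(h, SAMPLE_LEN));
    return 0;
}
```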
Solution
The vendor recommends restricting access to shimgvw.dll.
Provided and/or discovered by
Moti and Xu Hao at POC2010
Original Advisory
Microsoft:
http://www.microsoft.com/technet/security/advisory/2490606.mspx
Metasploit:
http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb