Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20490
HistorySep 10, 2008 - 12:00 a.m.

Windows GDI+ GIF memory corruption

2008-09-1000:00:00
vulners.com
26
JSON

There is a memory corruption vulnerability with GIF file processing in
Microsoft GDI+ that can be used to crash a vulnerable application and
potentially execute arbitrary code.

###################
#The vulnerability#
###################

The vulnerability is caused due to improper handling of graphic
control extension when processing malformed GIF files. The
vulnerability can be triggered if a large number of extension markers
(0x21) followed by unknown labels is found when processing a GIF file.

########
#Impact#
########

This vulnerability can be used to corrupt memory of any application
utilizing GDI+ for GIF file decoding if it is used to open a malformed
GIF file. This could lead to code execution with the privileges of the
user running the vulnerable application.

############
#References#
############

http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html
http://www.zerodayinitiative.com/advisories/ZDI-08-056/
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3013

Related

checkpoint_advisories 2
cve 1
prion 1
seebug 1
securityvulns 3
zdi 1
openvas 2
nessus 2
mskb 1
checkpoint_advisories
checkpoint_advisories
Microsoft Windows GDI+ GIF Parsing Buffer Overflow (MS08-052; CVE-2008-3013)
2008-09-02 00:00:00
Microsoft Windows GDI+ GIF Parsing Buffer Overflow (MS08-052) - Ver2 (CVE-2008-3013)
2015-05-18 00:00:00
cve
cve
CVE-2008-3013
2008-09-11 01:11:00
prion
prion
Code injection
2008-09-11 01:11:00
seebug
seebug
Microsoft GDI+ GIF文件远程代码执行漏洞(MS08-052)
2008-09-11 00:00:00
securityvulns
securityvulns
ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability
2008-09-10 00:00:00
Microsoft Security Bulletin MS08-052 – Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
2008-09-10 00:00:00
Microsoft Windows GDI library multiple security vulnerabilities
2008-09-10 00:00:00
zdi
zdi
Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability
2008-09-09 00:00:00
openvas
openvas
Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
2011-01-18 00:00:00
Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
2011-01-18 00:00:00
nessus
nessus
MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) (uncredentialed check)
2018-01-24 00:00:00
MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
2008-09-10 00:00:00
mskb
mskb
KB954593 - MS08-052: Vulnerabilities in GDI+ could allow remote code execution
2020-10-20 07:12:22
JSON
Related for SECURITYVULNS:DOC:20490
checkpoint_advisories2cve1prion1seebug1securityvulns3zdi1openvas2nessus2mskb1