Related information

Microsoft Windows GDI library multiple security vulnerabilities

[Full-disclosure] Assurent VR - Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow

iDefense Security Advisory 09.09.08: Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability

ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability

ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability

From:	Ivan Fratric <ifsecure_(at)_gmail.co>
Date:	10.09.2008
Subject:	Windows GDI+ GIF memory corruption

There is a memory corruption vulnerability with GIF file processing in
Microsoft GDI+ that can be used to crash a vulnerable application and
potentially execute arbitrary code.

###################
#The vulnerability#
###################

The vulnerability is caused due to improper handling of graphic
control extension when processing malformed GIF files. The
vulnerability can be triggered if a large number of extension markers
(0x21) followed by unknown labels is found when processing a GIF file.

########
#Impact#
########

This vulnerability can be used to corrupt memory of any application
utilizing GDI+ for GIF file decoding if it is used to open a malformed
GIF file. This could lead to code execution with the privileges of the
user running the vulnerable application.

############
#References#
############

http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html
http://www.zerodayinitiative.com/advisories/ZDI-08-056/
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3013