Windows GDI+ libraries JPEG buffer overflow updated since 15.09.2004
Published:		11.10.2004
Source:		MICROSOFT
SecurityVulns ID:		4004
Type:		library
Level:		8/10
Description:		Buffer overflow in JPEG parsing routines.

Affected:		MICROSOFT : Internet Explorer 6.0
		MICROSOFT : Windows XP
		MICROSOFT : Office XP
		MICROSOFT : Windows 2003 Server
		MICROSOFT : Project 2002
		MICROSOFT : Visio 2002
		BUSYNESSOBJECTS : Crystal Reports 10
		MICROSOFT : Visual Studio .Net 2003
		MICROSOFT : Office 2003
		MICROSOFT : Project 2003
		MICROSOFT : Visio 2003
		MICROSOFT : Visual Studio .NET 2002
		MICROSOFT : .NET Framework version 1.0 SDK
		MICROSOFT : Greetings 2002
		MICROSOFT : Picture It! 7.0
		MICROSOFT : Digital Image Pro 7.0
		MICROSOFT : Digital Image Pro 9
		MICROSOFT : Picture It! 9
		MICROSOFT : Digital Image Suite 9
		MICROSOFT : GDI+
		MICROSOFT : .NET Framework 1.0
		MICROSOFT : .NET Framework 1.1

Original document		SECUNIA, [SA12772] Crystal Reports JPEG Processing Buffer Overflow Vulnerability (11.10.2004)
		CERT, US-CERT Technical Cyber Security Alert TA04-260A -- Microsoft Windows JPEG component buffer overflow (17.09.2004)
		Nick D., Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow (15.09.2004)
		MICROSOFT, Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) (15.09.2004)

Files:		GDIPLUS VULN - MS04-028 - CRASH TEST JPEG
		GDI+ JPEG Remote Exploit
		GDI+ buffer overrun Exploit, Modified by Crypto <crypto@xaker.ru>
		Windows XP JPEG Buffer Overflow POC
		Example of JPG Exploit & Shellcode
		Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Discuss:		Read or add your comments to this news (0 comments)