Microsoft Windows GDI+ ICO File Remote Denial-of-Service Vulnerability

Vulnerability ID: 1113097
Vulnerability type: Design error
Published: 2007-06-06
Updated: 2007-06-08
CVE ID: CVE-2007-2237
CNNVD-ID: CNNVD-200706-088
Affected platform: Windows
CVSS score: 7.1
|Vulnerability source
https://www.exploit-db.com/exploits/30160
https://www.securityfocus.com/bid/24346
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200706-088
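|Vulnerability details
Microsoft Windows is a series of operating systems released by Microsoft. GDI+ (Gdiplus.dll) in Microsoft Windows contains a denial-of-service vulnerability in its handling of malformed ICO files, which may cause Windows Explorer to crash while processing them. If a user opens, through Windows Explorer or a component such as Windows Picture and Fax Viewer, an ICO file whose InfoHeader section has its Height value set to 0, that 0 may be used as a divisor and the Explorer process crashes. The disassembly of the vulnerable function is as follows:
.text:4ED9E209 ; private: int __thiscall GpIcoCodec::IsValidDIB(unsigned int)
.text:4ED9E209 ?IsValidDIB@GpIcoCodec@@AAEHI@Z proc near
.text:4ED9E209 ; CODE XREF: GpIcoCodec::ReadHeaders(void)+188p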
|Exploit
source: http://www.securityfocus.com/bid/24346/info

Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to properly handle maliciously crafted ICO files.

An attacker may exploit this issue by enticing victims into opening a malicious file.

Successful exploits will result in denial-of-service conditions on applications using the affected library. Applications such as Windows Explorer or Picture and Fax viewer have been identified as vulnerable. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/30160.ico.zip
|Affected products
Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional x64 Edition SP2 Microsoft W
|References

Source: US-CERT
Name: VU#290961
Link: http://www.kb.cert.org/vuls/id/290961
Source: XF
Name: windows-gdi-dos(34743)
Link: http://xforce.iss.net/xforce/xfdb/34743
Source: BID
Name: 24346
Link: http://www.securityfocus.com/bid/24346
Source: MILW0RM
Name: 4044
Link: http://www.milw0rm.com/exploits/4044
Source: VUPEN
Name: ADV-2007-2083
Link: http://www.frsirt.com/english/advisories/2007/2083
Source: MISC
Link: http://www.csis.dk/dk/forside/GdiPlus.pdf
Source: SECTRACK
Name: 1018202
Link: http://www.securitytracker.com/id?1018202
Source: BUGTRAQ
Name: 20070607 CSIS Advisory: Microsoft GDI+ Integer division by zero flaw handling .ICO files
Link: http://www.securityfocus.com/archive/1/archive/1/470746/100/0/threaded