| To: | <vulnwatch@vulnwatch.org> |
|---|---|
| Subject: | [VulnWatch] CSIS Advisory: Microsoft GDI+ Integer division by zero flaw handling .ICO files |
| From: | "Dennis Rand" <rand@csis.dk> |
| Date: | Wed, 6 Jun 2007 12:38:32 +0200 |

CSIS Security Group has discovered an "Integer division by zero" flaw in the GDI+ component in Windows XP. This condition is activated when a malformed ICO file is viewed through either Windows Explorer or other components like "Windows Picture and Fax Viewer".

The consequence of this flaw is a Denial of Service condition and a restart of the explorer process. Further exploitation has not been verified.

The full advisory can be downloaded at the following link: http://www.csis.dk/dk/forside/GdiPlus.pdf

Best Regards
Dennis Rand
Malware/Security Researcher
CSIS Security Group
http://www.csis.dk