Microsoft Windows Picture and Fax Viewer Library Vulnerability
I. BACKGROUND
The Windows Picture and Fax Viewer "shimgvw.dll" library is used by Windows Explorer to generate thumbnail previews for media files.
II. DESCRIPTION
Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows could allow attackers to execute arbitrary code on the targeted host.
An integer overflow vulnerability exists in the "shimgvw" library. During the processing of an image within a certain function, a bitmap containing a large "biWidth" value can be used to cause an integer calculation overflow. This condition can lead to the overflow of a heap buffer and may result in the execution of arbitrary code on the targeted host.
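The bug class described above, shown as an added example that is not code from shimgvw.dll or from the advisory: a size computed from "biWidth" in 32-bit arithmetic wraps to a small value, while a widened and bounded computation rejects the header before any buffer is sized from it. The standard DWORD-aligned DIB stride formula, the function names and the MAX_IMAGE_BYTES cap are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy cap on decoded pixel data (assumption, not from the advisory). */
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)

/* Unchecked 32-bit DIB stride arithmetic: wraps when biWidth is large. */
static uint32_t dib_stride_unchecked(uint32_t biWidth, uint16_t biBitCount)
{
    return ((biWidth * biBitCount + 31u) / 32u) * 4u;
}

/* Checked form: widen to 64 bits, validate every header field, and cap the
 * result before it is used as an allocation or copy length.
 * Returns the pixel buffer size in bytes, or 0 if the header is rejected. */
static size_t dib_size_checked(int32_t biWidth, int32_t biHeight,
                               uint16_t biBitCount)
{
    int64_t rows = biHeight;              /* negative height = top-down DIB */
    if (rows < 0)
        rows = -rows;
    if (biWidth <= 0 || rows == 0)
        return 0;
    switch (biBitCount) {
    case 1: case 4: case 8: case 16: case 24: case 32:
        break;
    default:
        return 0;
    }
    uint64_t bits = (uint64_t)biWidth * biBitCount;   /* < 2^36, cannot wrap */
    uint64_t stride = ((bits + 31u) / 32u) * 4u;      /* DWORD-aligned row */
    if (stride > MAX_IMAGE_BYTES || (uint64_t)rows > MAX_IMAGE_BYTES / stride)
        return 0;
    return (size_t)(stride * (uint64_t)rows);
}

int main(void)
{
    /* Constructed sample values, not taken from any real file. */
    printf("unchecked stride for oversized width: %u bytes\n",
           (unsigned)dib_stride_unchecked(0x08000001u, 32));
    printf("checked size for oversized width:    %zu (0 = rejected)\n",
           dib_size_checked(0x08000001, 1, 32));
    printf("checked size for 640x480x24:          %zu bytes\n",
           dib_size_checked(640, -480, 24));
    return 0;
}
```

A parser that sizes its buffer from the wrapped value but copies according to the real width writes past the allocation, which is why the check belongs before the allocation rather than after it.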
III. ANALYSIS
Exploitation could allow attackers to execute arbitrary code on the targeted host under the privileges of the current logged-on user. Successful exploitation would require the attacker to entice his or her victim into viewing a specially-crafted thumbnail leveraging the vulnerability.
Some vectors of attack include e-mail, the browser and network shares. In an e-mail-based attack, the attacker must entice his or her victim into opening or previewing a specially-crafted Office document containing a specially-crafted thumbnail. In a browser-based attack, the victim must simply view a maliciously crafted website. In a network share attack, such as UNC or WebDAV, an attacker would require the victim to simply navigate to the folder containing the crafted thumbnail.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Microsoft Windows XP SP3. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS11-006.
V. WORKAROUND
Microsoft has included an automated Microsoft Fix it solution for the "Modify the Access Control List (ACL) on shimgvw.dll" workaround, which can be found at the following link:
http://support.microsoft.com/kb/2483185
VI. VENDOR RESPONSE
Microsoft Corp. has released patches which address this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown.
http://www.microsoft.com/technet/security/bulletin/ms11-006.mspx
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2010-3970 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
01/12/2011 Initial Vendor Notification
01/12/2011 Initial Vendor Reply
02/08/2011 Coordinated Public Disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Kobi Pariente and Yaniv Miron.
News Source : Submitted By Samad Khan ( Con5tanTine )