Buffer Overrun in Microsoft JPEG Processing (GDI+)

Reported September 14, 2004, by Microsoft

VERSIONS AFFECTED

  • Windows Server 2003
  • Windows XP
  • Microsoft Office 2003
  • Microsoft Office XP
  • Microsoft Project 2002 and 2003
  • Microsoft Visio 2002 and 2003
  • Microsoft Visual Studio .NET 2002 and 2003
  • Microsoft Windows .NET Framework 1.0 SDK Service Pack 2
  • Microsoft Picture It! 2002 versions 7.0 and 9
  • Microsoft Greetings 2002
  • Microsoft Digital Image Pro versions 7.0 and 9
  • Microsoft Digital Image Suite 9
  • Microsoft Producer for Microsoft Office PowerPoint
  • Microsoft Platform SDK Redistributable: GDI+

DESCRIPTION
A buffer-overrun vulnerability in the processing of the JPEG image format could allow remote code execution on a vulnerable system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, as could any system that uses the affected programs or components. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

VENDOR RESPONSE
Microsoft has released security bulletin MS04-028, "Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Nick DeBaggis.
