Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability

Microsoft (Graphics Device Interface) GDI+ JPEG handler is reported prone to an integer underflow vulnerability when handling JPEG format images. This issue presents itself due to a lack of sufficient sanity checks performed on certain JPEG data before this data employed as a bounds value for a memory copy operation.

A specially crafted JPEG image may trigger this vulnerability and result in the execution of arbitrary attacker-supplied code. Code execution would occur in the context of the user who is running the vulnerable software.

**Update: This issue is similar in nature to BID 1503, discovered by Solar Designer.

** An exploit that opens a command shell on the local vulnerable system as soon as the image is viewed has been released. Symantec has confirmed that this exploit code is functional. It is important to note that this exploit could potentially be modified to execute other code on the system. Administrators should remain vigilant and patch all vulnerable systems.


Privacy Statement
Copyright 2010, SecurityFocus