Microsoft Windows JPEG component buffer overflow

Technical Cyber Security Alert TA04-260A

Original release date: September 16, 2004
Last revised: –
Source: US-CERT

Systems Affected

This vulnerability affects the following Microsoft Windows operating
systems by default:

 * Microsoft Windows XP and Microsoft Windows XP Service Pack 1
 * Microsoft Windows XP 64-Bit Edition Service Pack 1
 * Microsoft Windows XP 64-Bit Edition Version 2003
 * Microsoft Windows Server 2003
 * Microsoft Windows Server 2003 64-Bit Edition

Other Microsoft Windows operating systems, including systems running
Microsoft Windows XP Service Pack 2, are not affected by default.
However, this vulnerability may affect all versions of the Microsoft
Windows operating systems if an application or update installs a
vulnerable version of the gdiplus.dll file onto the system.

Please note that this vulnerability affects any software that uses the
Microsoft Windows operating system or Microsoft’s GDI+ library to
render JPEG graphics. Please see the Systems Affected section of the
vulnerability note to determine if third-party software is affected. A
list of affected Microsoft products is available in Appendix B, or for
the complete list of affected and non-affected Microsoft products,
please see Microsoft Security Bulletin MS04-028.

Overview

Microsoft’s Graphic Device Interface Plus (GDI+) contains a
vulnerability in the processing of JPEG images. This vulnerability may
allow attackers to remotely execute arbitrary code on the affected
system. Exploitation may occur as the result of viewing a malicious
web site, reading an HTML-rendered email message, or opening a crafted
JPEG image in any vulnerable application. The privileges gained by a
remote attacker depend on the software component being attacked.

I. Description

Microsoft Security Bulletin MS04-028 describes a remotely exploitable
buffer overflow vulnerability in Microsoft’s Graphic Device Interface
Plus (GDI+) JPEG processing component. Attackers can exploit this
vulnerability by convincing a victim user to visit a malicious web
site, read an HTML-rendered email message, or otherwise view a crafted
JPEG image with a vulnerable application. No user intervention is
required beyond viewing an attacker-supplied JPEG image.

Any applications (Microsoft or third-party) that use the GDI+ library
to render JPEG images may present additional attack vectors for this
vulnerability. While some applications use the Windows operating
system version of the GDI+ library, other applications may install and
use another version, which may also be vulnerable. Microsoft has
created a GDI+ Detection Tool to help detect products that may contain
a vulnerable version of the JPEG parsing component. Microsoft
Knowledge Base Article 873374 provides instructions on how to download
and use this tool.

In addition to running Microsoft’s detection utility, we recommend
searching your system for “gdiplus.dll” to help determine what
third-party applications may be affected by this vulnerability. Also
note that applications may re-install a vulnerable version of the GDI+
library if re-installed after a patch has been applied.

We are tracking this vulnerability in Vulnerability Note VU#297462.
This reference number corresponds to CVE candidate CAN-2004-0200.

II. Impact

Remote attackers exploiting the vulnerability described above may
execute arbitrary code with the privileges of the user running the
software components being attacked.

III. Solution

Apply patches from Microsoft

Apply the appropriate patches as specified in Microsoft Security
Bulletin MS04-028. Please note that this bulletin provides several
updates to the operating system and various applications that rely on
GDI+ to render JPEG images. Depending on your system’s configuration,
you may need to install multiple patches.

In addition to releasing some patches on Windows Update, Microsoft has
released some patches on Office Update, and developer tool patches are
available from MS04-028.

Apply patches from third-party vendors

Third-party software that relies on GDI+ to render JPEG images may
also need to be updated. Apply the appropriate patches specified by
your vendor. Please see your vendor’s site and the Systems
Affected section of the vulnerability note for more information.
Depending on your system’s configuration, you may need to install
multiple patches.

Follow Microsoft recommendations for workarounds

Microsoft provides several workarounds for this vulnerability. Note
that these workarounds do not remove the vulnerability from the
system, and they will limit functionality. Please consult the
"Workarounds for JPEG Vulnerability - CAN-2004-0200" section of
Microsoft Security Bulletin MS04-028.

Appendix A. References

 * Microsoft Security Bulletin MS04-028 -
   <http://microsoft.com/technet/security/bulletin/MS04-028.asp>
 * Microsoft End User Security Bulletin for MS04-028 -
   <http://www.microsoft.com/security/bulletins/200409_jpeg.mspx>
 * US-CERT Vulnerability Note VU#297462 -
   <http://www.kb.cert.org/vuls/id/297462>
 * Microsoft KB Article 873374 -
   <http://support.microsoft.com/?id=873374>
 * CVE CAN-2004-0200 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0200>

Appendix B. Affected Microsoft Products

The following Microsoft Products are affected:

 * Microsoft Office XP Service Pack 3
 * Microsoft Office XP Service Pack 2
 * Microsoft Office XP Software:
    + Outlook 2002
    + Word 2002
    + Excel 2002
    + PowerPoint 2002
    + FrontPage 2002
    + Publisher 2002
 * Microsoft Office 2003
 * Microsoft Office 2003 Software:
    + Outlook 2003
    + Word 2003
    + Excel 2003
    + PowerPoint 2003
    + FrontPage 2003
    + Publisher 2003
    + InfoPath 2003
    + OneNote 2003
 * Microsoft Project 2002 Service Pack 1 (all versions)
 * Microsoft Project 2003 (all versions)
 * Microsoft Visio 2002 Service Pack 2 (all versions)
 * Microsoft Visio 2003 (all versions)
 * Microsoft Visual Studio .NET 2002
 * Microsoft Visual Studio .NET 2002 Software:
    + Visual Basic .NET Standard 2002
    + Visual C# .NET Standard 2002
    + Visual C++ .NET Standard 2002
 * Microsoft Visual Studio .NET 2003
 * Microsoft Visual Studio .NET 2003 Software:
    + Visual Basic .NET Standard 2003
    + Visual C# .NET Standard 2003
    + Visual C++ .NET Standard 2003
    + Visual J# .NET Standard 2003
 * The Microsoft .NET Framework version 1.0 SDK Service Pack 2
 * Microsoft Picture It! 2002 (all versions)
 * Microsoft Greetings 2002
 * Microsoft Picture It! version 7.0 (all versions)
 * Microsoft Digital Image Pro version 7.0
 * Microsoft Picture It! version 9 (all versions, including Picture
   It! Library)
 * Microsoft Digital Image Pro version 9
 * Microsoft Digital Image Suite version 9
 * Microsoft Producer for Microsoft Office PowerPoint (all versions)
 * Microsoft Platform SDK Redistributable: GDI+
 * Internet Explorer 6 Service Pack 1
 * The Microsoft .NET Framework version 1.0 Service Pack 2
 * The Microsoft .NET Framework version 1.1


Feedback can be directed to the US-CERT Technical Staff.


This document is available from:

  <http://www.us-cert.gov/cas/techalerts/TA04-260A.html>

Copyright 2004 Carnegie Mellon University.

Terms of use: <http://www.us-cert.gov/legal.html>
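
The advisory's recommendation to search the system for "gdiplus.dll" can be turned into an inventory, shown here as an added example that is not part of the advisory or of Microsoft's GDI+ Detection Tool. It walks a directory tree (a live system, file share or mounted disk image), finds every copy regardless of name case, and reads each copy's file version from its VS_FIXEDFILEINFO structure; `fixed_version` is an assumed parameter, since the advisory gives no version number and the value has to come from MS04-028 for the product concerned.

```python
import os
import struct

# VS_FIXEDFILEINFO begins with dwSignature 0xFEEF04BD (little-endian on disk).
VS_FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)


def pe_file_version(data):
    """Return (major, minor, build, revision) from a PE version resource, or None."""
    pos = data.find(VS_FFI_SIGNATURE)
    while pos != -1:
        if pos + 16 <= len(data):
            # Layout: dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS
            _, struc_ver, ms, ls = struct.unpack_from("<4I", data, pos)
            if struc_ver == 0x00010000:  # reject chance matches of the signature
                return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        pos = data.find(VS_FFI_SIGNATURE, pos + 1)
    return None


def find_gdiplus(root, fixed_version=None):
    """Report every gdiplus.dll under root; fixed_version is an assumed, caller-supplied tuple."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "gdiplus.dll":  # Windows file names are case-insensitive
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    version = pe_file_version(fh.read())
            except OSError:
                version = None  # an unreadable copy still needs manual review
            if version is None or fixed_version is None:
                status = "review"
            elif version < fixed_version:
                status = "older-than-fixed"
            else:
                status = "ok"
            results.append((path, version, status))
    return sorted(results)


if __name__ == "__main__":
    import sys
    # Scan root is the first argument; without fixed_version every copy is listed for review.
    for path, version, status in find_gdiplus(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(status, ".".join(map(str, version)) if version else "unknown", path)
```

Because applications may re-install their own copy after patching, as the advisory notes, the inventory is worth re-running after any software install or repair.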


This one is really scary. Anyone who hasn't run Windows Update yet should hurry up and do it.

http://thaicert.nectec.or.th/bulletin/microsoft/ms04-028.php

Microsoft Security Bulletin MS04-028
14 September 2547 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
Compiled by: Dr. บรรจง หะรังษี

Introduction

Microsoft has announced a vulnerability in software that processes images in the JPEG format. The problem is that this software does not check data in memory before using it (Buffer Overrun). When an intruder overwrites the unchecked memory with prepared code, that code can then be run on a machine that has not yet been patched for this vulnerability.

If the user of a vulnerable computer is logged in with administrator privileges, an attack using this vulnerability may allow the intruder to take complete control of the computer, including installing new programs; viewing, changing, or deleting data on the computer; and creating new user accounts. Users who are logged in with privileges lower than administrator are at less risk of being attacked through this vulnerability.

Impact of this vulnerability

An intruder can run programs on a computer that has not been patched for this vulnerability.

Severity level

Highest (Critical)

Affected software that requires the patch to be installed

* Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=6F8D70C1-63BD-4213-82C1-20266FDFD735&displaylang=en)
* Microsoft Windows XP 64-Bit Edition Service Pack 1 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=1631C3F7-A40E-4B26-BD92-12141E6A7F58&displaylang=en)
* Microsoft Windows XP 64-Bit Edition Version 2003 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=98BFF681-9703-4D23-8DF8-B7239D6C531C&displaylang=en)
* Microsoft Windows Server™ 2003 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=B2FBD93C-3DC3-4A9E-BDD6-9F39726EE3E2&displaylang=en)
* Microsoft Windows Server 2003 64-Bit Edition - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=98BFF681-9703-4D23-8DF8-B7239D6C531C&displaylang=en)
* Microsoft Office XP Service Pack 3 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=7D128614-6D34-49DF-8D63-6C17E9A2D312&displaylang=en)
  Microsoft Office XP Service Pack 3 Software:
      o Outlook® 2002
      o Word 2002
      o Excel 2002
      o PowerPoint® 2002
      o FrontPage® 2002
      o Publisher 2002 
* Microsoft Office 2003 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=106BCF99-1BA9-4035-94C5-2A7FA90E5971&displaylang=en)
  Microsoft Office 2003 Software:
      o Outlook® 2003
      o Word 2003
      o Excel 2003
      o PowerPoint® 2003
      o FrontPage® 2003
      o Publisher 2003
      o InfoPath™ 2003
      o OneNote™ 2003
* Microsoft Project 2002 Service Pack 1 (all versions) - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=B3EBCCEA-B0E4-41C7-A6F4-413864D2CCF3&displaylang=en)
* Microsoft Project 2003 (all versions) - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=9E37B6B0-A028-47EA-8FA1-3705877A2908&displaylang=en)
* Microsoft Visio 2002 Service Pack 2 (all versions) - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=16C2DFFD-7B73-43C4-AB0D-2B5EFC80EB63&displaylang=en)
* Microsoft Visio 2003 (all versions) - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=C07D40A5-6F87-4D50-9640-34FFD2F189E1&displaylang=en)
* Microsoft Visual Studio .NET 2002 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=44004D19-B22F-4AF2-A701-1FCB0467FBF9&displaylang=en)
  Microsoft Visual Studio .NET 2002 Software:
      o Visual Basic .NET Standard 2002
      o Visual C# .NET Standard 2002
      o Visual C++ .NET Standard 2002
* Microsoft Visual Studio .NET 2003 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=A13B7A21-463C-4286-AD68-E692417E80E2&displaylang=en)
  Microsoft Visual Studio .NET 2003 Software:
      o Visual Basic .NET Standard 2003
      o Visual C# .NET Standard 2003
      o Visual C++ .NET Standard 2003
      o Visual J# .NET Standard 2003
* The Microsoft .NET Framework version 1.0 SDK Service Pack 2 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?familyid=6978D761-4A92-4106-A9BC-83E78D4ABC5B&displaylang=en)
* Microsoft Picture It!® 2002 (all versions) - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en)
* Microsoft Greetings 2002 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en)
* Microsoft Picture It! version 7.0 (all versions) - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en)
* Microsoft Digital Image Pro version 7.0 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en)
* Microsoft Picture It! version 9 (all versions, including Picture It! Library) - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en)
* Microsoft Digital Image Pro version 9 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en)
* Microsoft Digital Image Suite version 9 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en)
* Microsoft Producer for Microsoft Office PowerPoint (all versions) - download from this link [http://www.microsoft.com/downloads/details...&DisplayLang=en](http://www.microsoft.com/downloads/details.aspx?FamilyID=1b3c76d5-fc75-4f99-94bc-784919468e73&DisplayLang=en)
* Microsoft Platform SDK Redistributable: GDI+ - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en)

Affected components that require the patch to be installed

* Internet Explorer 6 Service Pack 1 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?FamilyId=B0095851-674D-4357-868C-DD75D88405EC&displaylang=en)
* The Microsoft .NET Framework version 1.0 Service Pack 2 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?familyid=6978D761-4A92-4106-A9BC-83E78D4ABC5B&displaylang=en)
* The Microsoft .NET Framework version 1.1 - download from this link [http://www.microsoft.com/downloads/details...&displaylang=en](http://www.microsoft.com/downloads/details.aspx?familyid=A8F5654F-088E-40B2-BBDB-A83353618B38&displaylang=en)

Software not affected

* Microsoft Windows NT Server 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
* Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 2
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
* Microsoft Office 2003 Service Pack 1
* Microsoft Office 2000
* Microsoft Visio 2003 Service Pack 1
* Microsoft Visio 2000
* Microsoft Project 2003 Service Pack 1
* Microsoft Project 2000
* Microsoft Digital Image Suite 10, Microsoft Digital Image Pro 10, Picture It! Premium 10

Components not affected

* Internet Explorer 5.01 Service Pack 3 on Windows 2000 Service Pack 3
* Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
* Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition
* The Microsoft .NET Framework version 1.0 Service Pack 3
* The Microsoft .NET Framework version 1.1 Service Pack 1
* The Microsoft .NET Framework version 1.1 Service Pack 1 for Windows Server 2003

Solution

Install the patches according to the information above.

I'm on XP SP2, will that be a problem? My IE is already 6-something.