CVE-2006-0007

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2006-0007 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by NSFOCUS Security Team.
The original article can be found at: http://www.nsfocus.com/english/homepage/research/0604.htm

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2006-0007

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Microsoft Office 2000
* Microsoft Office XP
* Microsoft Office 2003

GIFIMP32.FLT is a GIF image filter shipped with Microsoft Office, which is installed by default in %CommonProgramFiles%\Microsoft Shared\Grphflt\GIFIMP32.FLT.

GIFIMP32.FLT contains a buffer overflow vulnerability in the handling of some malformed GIF images, which allows attackers to run arbitrary code. Any application that calls GIFIMP32.FLT is affected by this vulnerability. For example, mspaint.exe will call the filter automatically when opening files in .gif format, if Microsoft Office is installed. Attackers could gain control over a system by alluring users to open a malicious GIF image.

Workaround:
1. Do not open any GIF image from untrusted sources.
2. Temporarily remove GIFIMP32.FLT.

CVE Information:
CVE-2006-0007

Disclosure Timeline:
2005.05.27 Informed the vendor
2005.06.02 Vendor confirmed the vulnerability
2006.07.11 Microsoft has released a security bulletin (MS06-039) and related patches.

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus