The information has been provided by Microsoft Security Bulletin MS07-046.
The original article can be found at:
* Microsoft Windows 2000 Service Pack 4
* Windows XP Service Pack 2
* Windows XP Professional x64 Edition
* Windows Server 2003 Service Pack 1
* Windows Server 2003 x64 Edition
* Windows Server 2003 with SP1 for Itanium-based Systems
* Windows XP Professional x64 Edition Service Pack 2
* Windows Server 2003 Service Pack 2
* Windows Server 2003 x64 Edition Service Pack 2
* Windows Server 2003 with SP2 for Itanium-based Systems
* Windows Vista
* Windows Vista x64 Edition
Mitigating Factors for Remote Code Execution Vulnerability in GDI:
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factor may be helpful in your situation:
* An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
* Microsoft Windows Vista and Windows Server 2003 Service pack 2 are unaffected by this issue.
FAQ for Remote Code Execution Vulnerability in GDI:
What is the scope of the vulnerability?
This is a remote code execution vulnerability. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
What causes the vulnerability ?
The vulnerability exists in the way that the Graphics Rendering Engine handles specially crafted images, potentially allowing arbitrary code to be executed.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could run code on the affected system.
How could an attacker exploit the vulnerability?
An attacker could exploit this vulnerability by creating a specially crafted attachment in e-mail and then persuading the user to open the attachment. If the user opened the attachment, the attacker could cause arbitrary code to run in the security context of the locally logged-on user.
What is GDI?
Microsoft Windows graphics device interface (GDI) enables applications to use graphics and formatted text on both the video display and the printer. Windows-based applications do not access the graphics hardware directly. Instead, GDI interacts with device drivers on behalf of applications. For more information on GDI, please visit the Windows GDI Start Page.
What systems are primarily at risk from the vulnerability?
Workstations and terminal servers are primarily at risk.
What does the update do?
The update removes the vulnerability by adding overflow validations to the handling of images.
When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure.
When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.