Signature Detail

HTTP: Microsoft Windows Graphics Rendering Engine GIF Parsing Buffer Overflow

This signature detects GIF images that do not conform to the Graphic Image Format standard. A successful attack can compromise a vulnerable browser and allow code execution in the context of the user.

Extended Description

Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly parses GIF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use the library.

Affected Products

• Hitachi JP1/VERITAS Backup Exec 11d (Windows) 08-00
• Hitachi JP1/VERITAS Backup Exec 11d (Windows) 08-01
• Hitachi JP1/VERITAS Backup Exec 11d (Windows) 08-02
• Hitachi JP1/VERITAS Backup Exec 11d (Windows) 08-03
• Hitachi JP1/VERITAS Backup Exec 11d (Windows) 08-04
• Hitachi JP1/VERITAS Backup Exec 11d (Windows) 08-05
• Hitachi JP1/VERITAS Backup Exec 12 (Windows) 08-50
• Hitachi JP1/VERITAS Backup Exec 12 (Windows) 08-51
• Hitachi JP1/VERITAS Backup Exec 12 (Windows) 08-52
• HP Storage Management Appliance 2.1
• HP Storage Management Appliance I
• HP Storage Management Appliance II
• HP Storage Management Appliance III
• Microsoft Digital Image Suite 2006
• Microsoft Excel Viewer
• Microsoft Excel Viewer 2007
• Microsoft Expression Web 2
• Microsoft Expression Web
• Microsoft Forefront Client Security 1.0
• Microsoft Groove 2007 SP1
• Microsoft Groove 2007
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Office 2003 SP3
• Microsoft Office 2007 SP1
• Microsoft Office 2007
• Microsoft Office Compatibility Pack 2007 SP1
• Microsoft Office Compatibility Pack 2007
• Microsoft Office Excel Viewer 2003 SP3
• Microsoft Office Excel Viewer 2003
• Microsoft Office XP SP1
• Microsoft Office XP SP2
• Microsoft Office XP SP3
• Microsoft Office XP
• Microsoft PowerPoint Viewer 2003
• Microsoft PowerPoint Viewer 2007 SP1
• Microsoft PowerPoint Viewer 2007
• Microsoft Project 2002 SP1
• Microsoft Project 2002
• Microsoft Report Viewer 2005 SP1
• Microsoft Report Viewer 2008
• Microsoft SQL Server 2000 Reporting Services SP2
• Microsoft SQL Server 2005 SP1
• Microsoft SQL Server 2005 SP2
• Microsoft SQL Server 2005
• Microsoft SQL Server 2005 Express Edition SP1
• Microsoft SQL Server 2005 Express Edition SP2
• Microsoft SQL Server 2005 Express Edition
• Microsoft SQL Server 2005 Express Edition with Advanced Serv SP1
• Microsoft SQL Server 2005 Express Edition with Advanced Serv SP2
• Microsoft SQL Server 2005 Itanium Edition SP1
• Microsoft SQL Server 2005 Itanium Edition SP2
• Microsoft SQL Server 2005 Itanium Edition
• Microsoft SQL Server 2005 x64 Edition SP1
• Microsoft SQL Server 2005 x64 Edition SP2
• Microsoft Visio 2002 SP1
• Microsoft Visio 2002 SP2
• Microsoft Visio 2002
• Microsoft Visio 2002 Professional SP2
• Microsoft Visio 2002 Standard SP2
• Microsoft Windows Server 2003 SP1
• Microsoft Windows Server 2003 SP2
• Microsoft Windows Server 2003 Datacenter Edition SP1
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
• Microsoft Windows Server 2003 Datacenter Edition Itanium
• Microsoft Windows Server 2003 Datacenter x64 Edition SP2
• Microsoft Windows Server 2003 Datacenter x64 Edition
• Microsoft Windows Server 2003 Enterprise Edition SP1
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
• Microsoft Windows Server 2003 Enterprise Edition Itanium
• Microsoft Windows Server 2003 Enterprise x64 Edition SP2
• Microsoft Windows Server 2003 Enterprise x64 Edition
• Microsoft Windows Server 2003 Itanium SP1
• Microsoft Windows Server 2003 Itanium SP2
• Microsoft Windows Server 2003 Itanium
• Microsoft Windows Server 2003 Standard Edition SP1
• Microsoft Windows Server 2003 Standard Edition SP2
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Standard x64 Edition
• Microsoft Windows Server 2003 Web Edition SP1
• Microsoft Windows Server 2003 Web Edition SP2
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows Server 2003 x64 SP1
• Microsoft Windows Server 2003 x64 SP2
• Microsoft Windows Server 2008 Datacenter Edition
• Microsoft Windows Server 2008 Enterprise Edition
• Microsoft Windows Server 2008 for 32-bit Systems
• Microsoft Windows Server 2008 for Itanium-based Systems
• Microsoft Windows Server 2008 for x64-based Systems
• Microsoft Windows Server 2008 Standard Edition
• Microsoft Windows Vista Business
• Microsoft Windows Vista Business SP1
• Microsoft Windows Vista Enterprise
• Microsoft Windows Vista Enterprise SP1
• Microsoft Windows Vista Home Basic
• Microsoft Windows Vista Home Basic SP1
• Microsoft Windows Vista Home Premium
• Microsoft Windows Vista Home Premium SP1
• Microsoft Windows Vista SP1
• Microsoft Windows Vista Ultimate
• Microsoft Windows Vista Ultimate SP1
• Microsoft Windows Vista
• Microsoft Windows Vista Business 64-bit edition SP1
• Microsoft Windows Vista Business 64-bit edition
• Microsoft Windows Vista Enterprise 64-bit edition SP1
• Microsoft Windows Vista Enterprise 64-bit edition
• Microsoft Windows Vista Home Basic 64-bit edition SP1
• Microsoft Windows Vista Home Basic 64-bit edition
• Microsoft Windows Vista Home Premium 64-bit edition SP1
• Microsoft Windows Vista Home Premium 64-bit edition
• Microsoft Windows Vista Ultimate 64-bit edition SP1
• Microsoft Windows Vista Ultimate 64-bit edition
• Microsoft Windows Vista x64 Edition SP1
• Microsoft Windows Vista x64 Edition
• Microsoft Windows XP
• Microsoft Windows XP 64-bit Edition SP1
• Microsoft Windows XP 64-bit Edition
• Microsoft Windows XP Gold
• Microsoft Windows XP Home SP1
• Microsoft Windows XP Home SP2
• Microsoft Windows XP Home SP3
• Microsoft Windows XP Home
• Microsoft Windows XP Media Center Edition SP1
• Microsoft Windows XP Media Center Edition SP2
• Microsoft Windows XP Media Center Edition SP3
• Microsoft Windows XP Media Center Edition
• Microsoft Windows XP Professional SP1
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Professional SP3
• Microsoft Windows XP Professional
• Microsoft Windows XP Professional x64 Edition SP2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Word Viewer 2003 SP3
• Microsoft Word Viewer 2003
• Microsoft Works 8.0
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 200I
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 702T
• Nortel Networks CallPilot 703T
• Nortel Networks Contact Center Administration
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center Manager Server
• Nortel Networks Contact Center NCC
• Nortel Networks Contact Center - TAPI Server
• Nortel Networks Media Processing Svr 100
• Nortel Networks Media Processing Svr 1000 Rel 3.0
• Nortel Networks Media Processing Svr 500 Rel 3.0
• Nortel Networks Self-Service - CCSS7
• Nortel Networks Self-Service CCXML
• Nortel Networks Self-Service Peri Application
• Nortel Networks Self-Service Peri Workstation
• Nortel Networks Self-Service Speech Server
• Nortel Networks Self Service VoiceXML
• Nortel Networks Self-Service WVADS
• Research In Motion Blackberry Enterprise Server 4.0.3
• Research In Motion Blackberry Enterprise Server 4.1.3
• Research In Motion Blackberry Enterprise Server 4.1.4
• Research In Motion Blackberry Enterprise Server 4.1.5
• Research In Motion Blackberry Enterprise Server 4.1.6
• Research In Motion Blackberry Professional Software 4.1.4
• Research In Motion Blackberry Unite! 1.0
• Research In Motion Blackberry Unite! 1.0.1
• Research In Motion Blackberry Unite! 1.0.1 Bundle 36
• Symantec Backup Exec for Windows Servers 11D
• Symantec Backup Exec for Windows Servers 12.0

References

• BugTraq: 31020
• CVE: CVE-2008-3013