CERT-In Vulnerability Note CIVN-2006-45
ART Image rendering Vulnerability
Original Issue Date : June 14, 2006
Severity Rating: High
Systems Affected:
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Windows 2000 with the Windows 2000 AOL Image Support Update installed
Overview
Remote code execution vulnerability exists in the way AOL ART images are handled. This vulnerability could allow an attacker to take complete control of an affected system.
Description
ART is an image file format used by the America Online (AOL) client software. Windows also includes the library and Internet Explorer displays ART images. An unchecked buffer in the ART image rendering library causes this remote execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted ART image that could potentially allow remote code execution if a user visits a malicious web site or view a specially crafted e-mail message. An attacker who successfully exploits this vulnerability could gain the same user rights as the local user. If a user is logged on with administrative user rights, the attacker could take complete control of an affected system.
Note: Windows 2000 does not support AOL ART images by default. Windows 2000 is only affected if the Windows 2000 AOL Image Support Update has been installed.
Workarounds
Modify the Access Control List on the AOL ART files (i.e. jgdw400.dll & jgpl400.dll) to temporarily prevent them from being displayed in Internet Explorer by giving ‘Everyone' group ‘Deny' permissions.
Solution
Apply appropriate updates as mentioned in the Microsoft Security Bulletin MS06-022
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx
References
Security Focus
http://www.securityfocus.com/bid/18394/info
iDefense
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407
CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-2378
US-CERT
http://www.kb.cert.org/vuls/id/923236 FrSIRT
http://www.frsirt.com/english/advisories/2006/2320
Secunia
http://secunia.com/advisories/20605
CVE
CVE-2006-2378
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
