=====================================================================
                                   CERT-Renater

                        Information Note No. 2007/VULN355
_____________________________________________________________________

DATE                      : 16/08/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : All Windows

======================================================================

MS07-046 - Vulnerability in GDI Could Allow Remote Code Execution (938829)

Original Bulletin:
  http://www.microsoft.com/technet/security/bulletin/ms07-046.mspx

Affected Software:

   Microsoft Windows 2000 Service Pack 4
   Microsoft Windows XP Service Pack 2
   Microsoft Windows XP Professional x64 Edition
   Microsoft Windows Server 2003 Service Pack 1
   Microsoft Windows Server 2003 x64 Edition
   Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

Non-Affected Software:

   Microsoft Windows XP Professional x64 Edition Service Pack 2
   Microsoft Windows Server 2003 Service Pack 2
   Microsoft Windows Server 2003 x64 Edition Service Pack 2
   Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
   Microsoft Windows Vista
   Microsoft Windows Vista x64 Edition

Remote Code Execution Vulnerability in GDI - CVE-2007-3034

   A remote code execution vulnerability exists in the Graphics
Rendering Engine because of the way that it handles specially crafted
images. An attacker could exploit the vulnerability by constructing a
specially crafted image that could potentially allow remote code
execution if a user opened a specially crafted attachment in e-mail.

   An attacker who successfully exploited this vulnerability could gain
the same user rights as the local user. Users whose accounts are
configured to have fewer user rights on the system could be less
impacted than users who operate with administrative user rights.


======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================






