=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2008/VULN571
_____________________________________________________________________

DATE                      : 10/12/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Server 2003,
                            Windows Vista, Windows Server 2008 running GDI.

======================================================================
KB956802
http://www.microsoft.com/technet/security/Bulletin/ms08-071.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-071 - Critical

Vulnerabilities in GDI Could Allow Remote Code Execution (956802)

   Published: December 9, 2008

   Version: 1.0

General Information

Executive Summary

   This security update resolves two privately reported vulnerabilities in
   GDI. Exploitation of either of these vulnerabilities could allow remote
   code execution if a user opens a specially crafted WMF image file. An
   attacker who successfully exploited these vulnerabilities could take
   complete control of an affected system. An attacker could then install
   programs; view, change, or delete data; or create new accounts with full
   user rights. Users whose accounts are configured to have fewer user rights
   on the system could be less impacted than users who operate with
   administrative user rights.

   This security update is rated Critical for all supported editions of
   Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista,
   and Windows Server 2008. For more information, see the subsection, Affected
   and Non-Affected Software, in this section.

   The security update addresses the vulnerabilities by modifying the way GDI
   validates file size parameters and performs integer calculations to prevent
   overflow conditions. For more information about the vulnerabilities, see
   the Frequently Asked Questions (FAQ) subsection for the specific
   vulnerability entry under the next section, Vulnerability Information.

   Recommendation. Microsoft recommends that customers apply the update
   immediately.

   Known Issues. None

Affected Software

   Microsoft Windows 2000 Service Pack 4

   Windows XP Service Pack 2

   Windows XP Service Pack 3

   Windows XP Professional x64 Edition and Windows XP Professional x64
   Edition Service Pack 2

   Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2

   Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
   Service Pack 2

   Windows Server 2003 with SP1 for Itanium-based Systems and Windows
   Server 2003 with SP2 for Itanium-based Systems

   Windows Vista and Windows Vista Service Pack 1

   Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1

   Windows Server 2008 for 32-bit Systems*

   Windows Server 2008 for x64-based Systems*

   Windows Server 2008 for Itanium-based Systems

   * Windows Server 2008 server core installation affected. For supported
   editions of Windows Server 2008, this update applies, with the same
   severity rating, whether or not Windows Server 2008 was installed using
   the Server Core installation option.

Vulnerability Information

GDI Integer Overflow Vulnerability - CVE-2008-2249

   A remote code execution vulnerability exists in the way that GDI handles
   integer calculations. The vulnerability could allow remote code execution
   if a user opens a specially crafted WMF image file. An attacker who
   successfully exploited this vulnerability could take complete control of
   an affected system. An attacker could then install programs; view, change,
   or delete data; or create new accounts.

GDI Heap Overflow Vulnerability - CVE-2008-3465

   A remote code execution vulnerability exists in the way that GDI handles
   file size parameters in WMF files. The vulnerability could allow remote
   code execution if a third-party application uses a specific Microsoft API
   to copy a specially crafted WMF image file. An attacker who successfully
   exploited this vulnerability could take complete control of an affected
   system. An attacker could then install programs; view, change, or delete
   data; or create new accounts.


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================