Microsoft Windows XP Windows shell shimgvw.dll buffer overflow
| winxp-shell-shimgvw-bo (15284) |  High Risk |
Description:
Microsoft Windows XP is vulnerable to a heap-based buffer overflow in the shimgvw.dll file in the Windows shell (Explorer.exe). shimgvw.dll allows users to preview images. By creating a malicious .emf (Enhanced Metafile) or .wmf (Windows Media Player) file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the Windows shell to crash, once the file is viewed as a thumbnail using Explorer or the picture preview window for the file is opened. An attacker could exploit this vulnerability by creating a malicious Web page or by sending the URL to a victim in a malicious email.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in the Microsoft Security Bulletin MS04-011. See References.
References:
- BugTraq Mailing List, Fri Feb 20 2004 - 12:45:39 CST : Windows XP explorer.exe heap overflow.
- BugTraq Mailing List, Mon Feb 23 2004 - 15:31:07 CST: Re: Windows XP explorer.exe heap overflow..
- CIAC Information Bulletin O-114: Microsoft Security Update for Microsoft Windows [REVISED 25 Jun 2004].
- CIAC Information Bulletin O-114: Microsoft Security Update for Microsoft Windows.
- Internet Security Systems Security Alert, April 13, 2004: Multiple Vulnerabilities in Microsoft Products.
- Microsoft Security Bulletin MS04-011: Security Update for Microsoft Windows (835732).
- BID-10120: Microsoft Windows WMF/EMF Image Formats Remote Buffer Overflow Vulnerability
- BID-9707: Microsoft Windows XP explorer.exe Multiple Memory Corruption Vulnerabilities
- CVE-2003-0906: Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
- US-CERT VU#547028: Microsoft Windows contains buffer overflow in processing of WMF and EMF image formats
Platforms Affected:
- Microsoft Windows XP
Reported:
Feb 23, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net