
Microsoft Image Format Handling Vulnerabilities


Overview

Microsoft image handling vulnerabilities can be exploited by using malformed versions of the popular image file types GIF, WMF, EMF and BMP. Microsoft's GDI+ fails to handle these maliciously crafted image files correctly. By persuading a user to open the file, an attacker can take complete control of an affected system.

Details

EMF Vulnerability (MS08-052, CPAI-2008-141)
This vulnerability is caused by memory corruption when GDI+ (gdiplus.dll) improperly processes a specially crafted EMF image file. An EMF image is a 32-bit format that can contain both vector information and bitmap information.

GIF Parsing Vulnerability (MS08-052, CPAI-2008-140)
This vulnerability is caused by GDI+ improperly parsing records in a specially crafted GIF image file. Graphics Interchange Format (GIF) images are single or multiple raster files that support transparency, compression, interlacing, and multiple-image pictures (animated GIFs).

WMF Vulnerability (MS08-052, CPAI-2008-142)
This vulnerability is caused by a buffer overrun that occurs when GDI+ improperly allocates memory while parsing a specially crafted WMF image file. A WMF image is a 16-bit metafile format that can contain both vector information and bitmap information.

BMP Integer Overflow Vulnerability (MS08-052, CPAI-2008-144)
This vulnerability is caused by a buffer overflow when GDI+ improperly processes a malformed header in a specially crafted BMP image file. Bitmap (BMP) image format is a graphics image file format defined by pixel data and file attributes.
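
As an added illustration of the class of check a parser needs here (not Check Point's or Microsoft's code): a BMP header validator that computes the pixel-data size in 64 bits before anything is allocated. The page does not say which header field triggers the GDI+ flaw, so the fields checked, the function name bmp_check_header and the result codes are assumptions, and only uncompressed (BI_RGB) bitmaps are handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum bmp_check { BMP_OK, BMP_TRUNCATED, BMP_BAD_MAGIC, BMP_BAD_FIELD,
                 BMP_UNSUPPORTED, BMP_SIZE_OVERFLOW, BMP_SIZE_MISMATCH };

/* Little-endian reads that make no alignment assumptions about the buffer. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Check a BITMAPFILEHEADER + BITMAPINFOHEADER before anything is allocated.
   Sizes are computed in 64 bits and range-checked, so dimensions whose byte
   count would wrap a 32-bit integer are rejected rather than truncated. */
enum bmp_check bmp_check_header(const uint8_t *buf, size_t len)
{
    if (len < 54) return BMP_TRUNCATED;              /* 14 + 40 header bytes */
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_BAD_MAGIC;

    uint32_t off_bits = rd32(buf + 10);              /* bfOffBits */
    uint32_t hdr_size = rd32(buf + 14);              /* biSize */
    int32_t  width    = (int32_t)rd32(buf + 18);     /* biWidth */
    int32_t  height   = (int32_t)rd32(buf + 22);     /* biHeight, negative = top-down */
    uint16_t bpp      = rd16(buf + 28);              /* biBitCount */

    if (hdr_size < 40 || width <= 0 || height == 0) return BMP_BAD_FIELD;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return BMP_BAD_FIELD;
    if (rd32(buf + 30) != 0) return BMP_UNSUPPORTED; /* only BI_RGB handled here */

    uint64_t rows   = (uint64_t)(height < 0 ? -(int64_t)height : (int64_t)height);
    uint64_t stride = (((uint64_t)width * bpp + 31) / 32) * 4; /* rows pad to 4 bytes */
    uint64_t pixels = stride * rows;                 /* < 2^33 * 2^31, fits in 64 bits */

    if (pixels > UINT32_MAX) return BMP_SIZE_OVERFLOW;
    if (off_bits < 14 + (uint64_t)hdr_size || off_bits > len) return BMP_SIZE_MISMATCH;
    if (pixels > len - off_bits) return BMP_SIZE_MISMATCH;
    return BMP_OK;
}

int main(void)
{
    /* Constructed sample: 0x10000 x 0x10000 pixels at 32 bpp, no pixel data. */
    uint8_t hdr[54] = { 'B', 'M' };
    hdr[10] = 54; hdr[14] = 40; hdr[20] = 1; hdr[24] = 1; hdr[26] = 1; hdr[28] = 32;
    printf("check result: %d\n", bmp_check_header(hdr, sizeof hdr));
    return 0;
}
```

The constructed sample declares a 2^34-byte image, a size that wraps to zero in 32-bit arithmetic; the validator reports it as BMP_SIZE_OVERFLOW instead of passing a truncated size on to an allocator.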

Protection

SmartDefense's strong and flexible engine emulates the complete parsing of the affected image file formats and identifies malformed files attempting to exploit these vulnerabilities. This provides robust security against many different attack types.

To activate the protection:

  1. Within the SmartDashboard SmartDefense Tab, click Online Update.
  2. When prompted, enter your User Center login and password.
  3. Click Application Intelligence > Content Protection.
  4. Click the following updates and activate them in your profiles:
    • Block GDI+ BMP Integer Overflow
    • Block GDI+ EMF Memory Corruption
    • Block GDI+ WMF Buffer Overflow
    • Block GDI+ Parsing Vulnerability
