Autor
Citar
Citar
The vulnerability is caused due to improper handling of graphic control extension when processing malformed GIF files. The vulnerability can be triggered if a large number of extension markers (0x21) followed by unknown labels is found when processing a GIF file.
Impact:
This vulnerability can be used to corrupt memory of any application utilizing GDI+ for GIF file decoding if it is used to open a malformed GIF file. This could lead to code execution with the privileges of the user running the vulnerable application.
Solution:
Microsoft has released a solution available at MS08-052.
CVE Information:
CVE-2008-3013
Impact:
This vulnerability can be used to corrupt memory of any application utilizing GDI+ for GIF file decoding if it is used to open a malformed GIF file. This could lead to code execution with the privileges of the user running the vulnerable application.
Solution:
Microsoft has released a solution available at MS08-052.
CVE Information:
CVE-2008-3013
fuente : securiTeam
Lo que dice es que se puede realizar , creando un GIF que tenga muchas extension markers (x21) que son las marcas donde empiezan los bloques
(ver formato Gif http://www.onicos.com/staff/iz/formats/gif.html) corromper la memoria y hacer un DoS o bien Ejecutar codigo
bueno es otra vulnerabilidad interesante. si consigo realizar algo lo posteare aqui
y si alguien consigue algo o esta interesado en el tema , sera bienvenido
saludos
En línea
