Update Protection against Microsoft Graphics Rendering Engine Thumbnail Image Stack Buffer Overflow Vulnerability (MS11-006)
| Check Point Reference: | CPAI-2011-003 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Advisory (2490606) Microsoft Security Bulletin MS11-006 |
|
| Industry Reference(s): | CVE-2010-3970 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Windows XP SP3
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP2 (Itanium)
Windows Vista SP1
Windows Vista SP2
Windows Vista x64 Edition SP1
Windows Vista x64 Edition SP2
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems SP2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems SP2
Windows Server 2008 (Itanium)
Windows Server 2008 (Itanium) SP2
| ||
| Vulnerability Description A stack buffer overflow vulnerability has been discovered in Microsoft's Graphics Rendering Engine. The vulnerability is caused when the Windows Graphics Rendering Engine improperly parses a specially crafted thumbnail image, resulting in a stack overflow. Thumbnails are reduced-size versions of pictures, used to help in recognizing and organizing them, serving the same role for images as a normal text index does for words. An attacker who successfully exploited this vulnerability could take complete control of an affected system. January 20, 2011: Check Point has confirmed a new attack vector related to this previously announced vulnerability. An important IPS/SmartDefense update is available to protect against this type of attack. Check Point strongly encourages customers who have not applied the Microsoft patch to update as soon as possible. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS11-006 |
|
|
Vulnerability Details The vulnerability is due to insufficient input validation by the Microsoft Graphics Rendering Engine when processing the biClrUsed of a bitmap thumbnail. A remote attacker may exploit this issue by enticing a user to handle a specially crafted file containing a malformed thumbnail. The file could be embedded in Office documents or a .MIC file. This vulnerability may be triggered by previewing the malicious file in thumbnail view. Successful exploitation of this vulnerability could lead to arbitrary code execution. |
Protection Overview
This protection will detect and block the transferring of files containing malformed thumbnails over HTTP and CIFS.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.