Mozilla GIF File Handling Buffer Overflow Vulnerability
| Attack ID: | CPAI-2005-53 | ||||||||
 |
|||||||||
| Publish Date: | |||||||||
|
|||||||||
| Last Update: | |||||||||
|
|||||||||
| Category: | Remote Code Execution | ||||||||
|
|||||||||
| Vulnerable Systems: | Firefox browser - all versions prior to 1.0.2 Mozilla Web browser - all versions prior to 1.7.6 |
||||||||
|
|||||||||
| Source: | Mozilla Foundation Security Advisory 2005-30 | ||||||||
|
|||||||||
| Description: | A vulnerability exists in the way several Mozilla software products process GIF images. To trigger this vulnerability, an attacker would have to persuade a user to view an email message or a Web page embedded with a specially crafted GIF image. An attacker who exploited this vulnerability could gain complete control of an affected system. |
||||||||
|
|||||||||
| Severity: | |
||||||||
| Details: | Graphic Interchange Format (GIF) is a widely used image standard, supported in image-enabled applications, including the affected Mozilla Web browsers. Mozilla browser and Firefox use a common image library to process GIF images. This library contains a heap overflow vulnerability, triggered when processing Application Extension Block in GIF images. |
||||||||
|
|||||||||
| Attack Detection: | Users of VPN-1 NG with Application Intelligence R55, R55W and InterSpect who have applied the solution outlined below will be able to detect attack attempts by the following log entries: Attack Info: GIF Content Protection Violation Attack Name: Malformed GIF Users of VPN-1 NG with Application Intelligence R55 will receive rule 9982 on their SmartView Tracker. |
||||||||
|
|||||||||
| Solution: | Users of VPN-1 NG with Application Intelligence R55, R55W and InterSpect should update their SmartDefense by clicking the Update Now (Online Update in R55W) button on the General window. This protection detects and blocks GIF files containing malformed application extension blocks. This protection identifies GIF files in HTTP traffic based on two methods: (1) by analyzing the content, searching for GIF headers and (2) by examining the Content-Type header provided by the Web server. When the Perform Strict Enforcement option is selected, both methods are applied to identify GIF content. The protection has been added under Application Intelligence > Content Protection. To enable the protection: 1. On the SmartDefense navigation tree, click Application Intelligence > Content Protection > Malformed GIF.  2. Install policy on all modules. Update from January 26, 2005: Please verify that you have downloaded the latest SmartDefense Update:
Note: This protection is performance-intensive. Activating it may consume considerable system resources. |
||||||||
|
|||||||||
| Industry Reference: | CAN-2005-0399 | ||||||||
|
|||||||||
| Additional Information: | |||||||||