
Latest Patched Windows Exploit Is A Golden Oldie



Posted

Latest patched Windows exploit is a golden oldie

We've seen Microsoft patch vulnerabilities in Windows that we swear we'd seen before, and sometimes they all look so much alike that they tend to run together. But this one really is a classic: a buffer overrun triggered by a fake image file.

Who can forget the tumultuous days of 2004, when what was then considered a major threat to Windows loomed large: a way to easily trigger a buffer overrun in GDI+, Microsoft's once-improved Graphics Device Interface library? While patches were finally distributed that September, it seemed the company's eventual solution -- a completely new graphics foundation, WPF -- couldn't come too soon.

Four years later, the possibility of an uncontrolled exploit to GDI+ -- still a principal 2D graphics library in Windows -- apparently remains imminent. So perhaps the most important security fix in this month's Patch Tuesday from Microsoft includes a new patch for GDI+, to address possible buffer overrun exploits that can be triggered using maliciously crafted GIF, BMP, Windows Metafile (WMF), and Enhanced Metafile (EMF) images, as well as Vector Markup Language (VML) images that include gradients.

"The vulnerability is caused by a heap-based buffer overrun when GDI+ improperly processes gradient sizes handled by the vector graphics link library," reads Microsoft's bulletin this morning.

The September 2004 exploit is looked upon as the textbook example of the heap-based buffer overrun principle, though in this case involving JPEG images. In low-level programming, there are two types of storage buffers for the data that a program may need to use. A pointer keeps track of which item is the next to be recalled, and a "pop" instruction pulls that item from memory. For a stack, data is written to memory in such a way that the first item in becomes the last item out. A heap works differently, more like a stack of papers on one's desk: the first item in becomes the first item out.

The heap situation is said to be a little easier to exploit because whatever memory element can trigger the overflow can be added first and exploited immediately. Still, that doesn't explain why it took four years to realize that the same technique a maliciously crafted JPEG file would use to overflow a buffer, couldn't be used by a GIF file or a WMF file.

source: betanews.com
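The bulletin quoted above blames the overrun on improperly processed gradient sizes. As an added example (not part of the original post and not GDI+ code), here is how a parser can validate a size field from an untrusted image before it sizes and fills a heap allocation; the record layout, `STOP_SIZE`, `MAX_STOPS` and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define STOP_SIZE 8u    /* assumed: 4-byte colour + 4-byte position */
#define MAX_STOPS 256u  /* assumed policy limit, not a GDI+ value */

typedef struct { uint8_t *stops; size_t count; } gradient_t;

/* Hypothetical layout: u16 little-endian stop count, then count * STOP_SIZE
 * bytes. Returns 0 on success, -1 on a truncated or out-of-range record. */
int parse_gradient(const uint8_t *buf, size_t len, gradient_t *out)
{
    out->stops = NULL; out->count = 0;
    if (len < 2) return -1;               /* no room for the count field */
    size_t count = (size_t)buf[0] | ((size_t)buf[1] << 8);
    if (count == 0 || count > MAX_STOPS) return -1; /* implausible size */
    size_t need = count * STOP_SIZE;      /* cannot wrap: count <= MAX_STOPS */
    if (need > len - 2) return -1;        /* file declares more than it holds */
    out->stops = malloc(need);            /* heap buffer sized from checked count */
    if (out->stops == NULL) return -1;
    memcpy(out->stops, buf + 2, need);    /* stays inside source and destination */
    out->count = count;
    return 0;
}

/* Constructed sample: two stops declared, two stops present. */
int sample_valid(void)
{
    uint8_t rec[2 + 2 * STOP_SIZE] = { 2, 0 };
    gradient_t g;
    int rc = parse_gradient(rec, sizeof rec, &g);
    free(g.stops);
    return rc;
}

/* Constructed sample: 200 stops declared, only one stop of data present. */
int sample_oversized(void)
{
    uint8_t rec[2 + STOP_SIZE] = { 200, 0 };
    gradient_t g;
    int rc = parse_gradient(rec, sizeof rec, &g);
    free(g.stops);
    return rc;
}

int main(void) { return (sample_valid() == 0 && sample_oversized() == -1) ? 0 : 1; }
```

The second sample is the case that matters: the declared count is checked against the bytes actually present, so the copy length never exceeds either buffer.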

Posted (edited)

Don't understand it but always appreciate the news.

BTW after checking with some computer expert friends, I finally did SP 3 on my XPPro, on two of my computers. No problems.

Still holding off on FF3, maybe will do soon.

Haven't started with Google Chrome yet, want to see where it goes.

Got to replace my desktop fan, no big deal but hate pulling the box out from its home cuz of all the darn wires tethering it in the back.

That's a little off topic but I just wanted to say "Thanks" and keep the hits coming!

Another BTW, I heard an interesting review on the radio for a new video game, "Braid":

http://www.npr.org/templates/story/story.p...toryId=94025221

"The game, Braid, is less shoot-'em-up than meditation on the meaning of life — and within six days, it had been downloaded more than 50,000 times. Game critics are calling it a masterpiece. Braid feels like a game that a grown-up can play, and that a grown-up perhaps ought to play."

It is an X-Box game I believe. I am not a gamer but it sounded interesting. (I don't own stock in whoever makes X-Box either, lol!)

Edited by zzdocxx
