> -----Original Message-----
> From: NSFOCUS Security Team [mailto:security@xxxxxxxxxxx]
> Sent: Wednesday, July 12, 2006 11:43 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx;
> full-disclosure@xxxxxxxxxxxxxxxx; vulnwatch@xxxxxxxxxxxxx
> Subject: [VulnWatch] NSFOCUS SA2006-04 : Microsoft Office GIF
> Filter Buffer Overflow Vulnerability
>
> NSFOCUS Security Advisory (SA2006-04)
>
> Microsoft Office GIF Filter Buffer Overflow Vulnerability
>
> Release Date: 2006-07-12
>
> CVE ID: CVE-2006-0007
>
>
>
> Affected systems & software
> ===================
> Microsoft Office 2000
> Microsoft Office XP
> Microsoft Office 2003
>
> Unaffected systems & software
> ===================
>
>
> Summary
> =========
>
> NSFocus Security Team discovered a buffer overflow
> vulnerability in Microsoft Office
> GIF filter, which could allow attackers to run arbitrary code
> via a carefully crafted
> GIF image.
>
> Description
> ============
>
> GIFIMP32.FLT is a GIF image filter shipped with Microsoft
> Office, which is
> installed by default in %CommonProgramFiles%\Microsoft
> Shared\Grphflt\GIFIMP32.FLT.
>
> GIFIMP32.FLT contains a buffer overflow vulnerability in the
> handling of some
> malformed GIF images, which allows attackers to run arbitrary
> code. Any application
> that calls GIFIMP32.FLT is affected by this vulnerability.
> For example, mspaint.exe
> will call the filter automatically when opening files in .gif
> format, if Microsoft
> Office is installed. Attackers could gain control over a
> system by alluring users to
> open a malicious GIF image.
>
> Workaround
> =============
>
> 1. Do not open any GIF image from untrusted sources.
> 2. Temporarily remove GIFIMP32.FLT.
>
> Vendor Status
> ==============
>
> 2005.05.27 Informed the vendor
> 2005.06.02 Vendor confirmed the vulnerability
> 2006.07.11 Microsoft has released a security bulletin
> (MS06-039) and related
> patches.
>
> For more details about the security bulletin, please refer to:
>
>
> Additional Information
> ========================
>
> The Common Vulnerabilities and Exposures (CVE) project has
> assigned the
> name CVE-2006-0007 to this issue. This is a candidate for
> inclusion in the
> CVE list (), which standardizes names for
> security problems.
> Candidates may change significantly before they become
> official CVE entries.
>
> Acknowledgment
> ===============
>
> Yu Yang of NSFocus Security Team found the vulnerability.
>
> DISCLAIMS
> ==========
> THE INFORMATION PROVIDED IS RELEASED BY NSFOCUS "AS IS"
> WITHOUT WARRANTY
> OF ANY KIND. NSFOCUS DISCLAIMS ALL WARRANTIES, EITHER
> EXPRESSED OR IMPLIED,
> EXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO EVENT
> SHALL NSFOCUS
> BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
> INCIDENTAL,CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,
> EVEN IF NSFOCUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
> DISTRIBUTION OR REPRODUCTION OF THE INFORMATION IS PROVIDED THAT THE
> ADVISORY IS NOT MODIFIED IN ANY WAY.
>
> Copyright 1999-2006 NSFOCUS. All Rights Reserved. Terms of use.
>
>
> NSFOCUS Security Team <security@xxxxxxxxxxx>
> NSFOCUS INFORMATION TECHNOLOGY CO.,LTD
> ()
>
> PGP Key:
> Key fingerprint = F8F2 F5D1 EF74 E08C 02FE 1B90 D7BF 7877 C6A6 F6DA
>
>
