[VIM] windows clarity
Steven M. Christey
coley at linus.mitre.org
Thu May 12 15:17:33 EDT 2005
Here's my original inquiry to MSRC.
I proposed creating separate CANs since they were separate issues, and
MSRC responded to confirm this.
From: Steven M. Christey [mailto:coley at mitre.org]
Sent: Tuesday, February 01, 2005 4:06 PM
To: Microsoft Security Response Center
Cc: coley at mitre.org
Subject: Clarification requested on CAN-2004-1049/MS05-002 ANI issue(s)
MS:MS05-002 discusses a "Cursor and Icon Format Handling Vulnerability"
and credits eEye, but also uses the CAN-2004-1049 reference, which is
for an xfocus-discovered issue.

Issue 1) The xfocus-reported issue is for an integer overflow in the

         BUGTRAQ:20041223 Microsoft Windows LoadImage API Integer

Issue 2) The eEye-reported issue specifically involves manipulating
         the "Length_of_AnimationHeader" field, whose value is "not
         checked appropriately," however it's not an integer overflow
         (since eEye would be smart enough to label it as such)

         eEye further explicitly states "This vulnerability is a
         separate vulnerability from the ones discovered by Xfocus."

         BUGTRAQ:20050111 EEYE: Windows ANI File Parsing Buffer Overflow

By directly crediting eEye in MS05-002, but implicitly linking to the
xfocus issue in CAN-2004-1049, it seems to me that MS05-002 is covering
2 separate but closely related issues.
If this is the case, then I will update CAN-2004-1049 so that its
description mentions BOTH issues, and links to BOTH advisories.
Please confirm that this is the appropriate action. The alternative
would be to create a separate candidate for the eEye issue, but that
doesn't seem like the proper way to go; since both issues involve the
same general type of vulnerability, I'd prefer that they stay combined.