[VIM] VUPEN Security Research - Microsoft Windows Shell Graphics BMP "width" Integer Overflow Vulnerability

security curmudgeon jericho at attrition.org
Mon May 23 16:18:15 CDT 2011



: VUPEN Security Research - Microsoft Windows Shell Graphics BMP "width" 
: Integer Overflow Vulnerability

: The vulnerability is caused by an integer overflow error in the Windows 
: Shell graphics processor when parsing the "width" value within BMP 
: images, which could be exploited by remote attackers to compromise a 
: vulnerable system by tricking a user into opening or previewing a 
: malformed Office file or browsing to a network share, UNC, or WebDAV 
: location containing a specially crafted image.

: Apply the MS11-006 security update.

: http://www.vupen.com/english/advisories/2011/0018
: http://www.microsoft.com/technet/security/bulletin/MS11-006.mspx

The MS11-006 advisory only crosses to CVE-2010-3970. This was originally 
disclosed 2010-12-15 during a presentation called 'A Vulnerability in My 
Heart' by Moti & Xu Hao. It was further written about by Dan Goodin of The 
Register on 2011-01-04. The conference it was presented at was actually 
sponsored by VUPEN, among others.

I am curious about your disclosure timeline:

: 2011-01-15 - Vulnerability Discovered by VUPEN

Is this correct? You discovered it almost a month later, and published 
less details in your advisory than iDefense did on 2011-02-08?

Brian
OSVDB.org


More information about the VIM mailing list