Microsoft Clip Art Buffer Overflow Vulnerability

BID:1034

Info

Microsoft Clip Art Buffer Overflow Vulnerability

Bugtraq ID: 1034
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: Yes
Published: Mar 06 2000 12:00AM
Updated: Mar 06 2000 12:00AM
Credit: Discovered by Dildog <[email protected]> and publicized in Microsoft Security Bulletin (MS00-015) released on March 6, 2000.
Vulnerable: Microsoft Clip Art Gallery 5.0
+ Microsoft Home Publishing 2000
+ Microsoft Home Publishing 2000
+ Microsoft Office 2000 0
+ Microsoft Office 2000
+ Microsoft Office 2000
+ Microsoft Photodraw 2000
+ Microsoft Photodraw 2000
+ Microsoft PictureIt 2000
+ Microsoft PictureIt 2000
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
+ Microsoft Works 2000
+ Microsoft Works 2000
Not Vulnerable:

Discussion

Microsoft Clip Art Buffer Overflow Vulnerability

A vulnerability exists within the Microsoft Clip Art Gallery, where a remote user can crash the Clip Art application or possibly execute arbitrary code.

Clip art can be downloaded from any website and incorporated into the local gallery. A particular file format called .CIL is used in order to transport new clip art files to the users. The vulnerability is that a user may open a malformed .CIL file containing a long embedded field downloaded from a malicious third-party website or in the form of an email attachment regardless of it's origin.

Exploit / POC

Microsoft Clip Art Buffer Overflow Vulnerability

Dildog <[email protected]> of @Stake/L0pht Research Labs has authored an exploit for the Windows 2000 platform which creates a registry key. The exploit needs to be renamed to *.cil in order to function properly:

Solution / Fix

Microsoft Clip Art Buffer Overflow Vulnerability

Solution:
Microsoft has released a fully supported patch which rectifies this issue. It is available for download at the following location:

http://cgl.microsoft.com/clipgallerylive/pss/bufovrun.htm

It is also recommended to specify that .CIL files are not opened without confirmation. The steps to do so are outlined below:

- Double-click the My Computer icon on the desktop.
- On the Tools menu, select Folder Options.
- On the File Types tab, select the CIL file type.
- Click Advanced, and then select Confirm Open After Download.
- Click OK twice to return to the My Computer window.

References

Microsoft Clip Art Buffer Overflow Vulnerability

References:

© CVE.report 2026

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report