Microsoft Clip Art Buffer Overflow Vulnerability
BID:1034
Info
Microsoft Clip Art Buffer Overflow Vulnerability
| Bugtraq ID: | 1034 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 06 2000 12:00AM |
| Updated: | Mar 06 2000 12:00AM |
| Credit: | Discovered by Dildog <[email protected]> and publicized in Microsoft Security Bulletin (MS00-015) released on March 6, 2000. |
| Vulnerable: |
Microsoft Clip Art Gallery 5.0 |
| Not Vulnerable: | |
Discussion
Microsoft Clip Art Buffer Overflow Vulnerability
A vulnerability exists within the Microsoft Clip Art Gallery, where a remote user can crash the Clip Art application or possibly execute arbitrary code.
Clip art can be downloaded from any website and incorporated into the local gallery. A particular file format called .CIL is used in order to transport new clip art files to the users. The vulnerability is that a user may open a malformed .CIL file containing a long embedded field downloaded from a malicious third-party website or in the form of an email attachment regardless of it's origin.
A vulnerability exists within the Microsoft Clip Art Gallery, where a remote user can crash the Clip Art application or possibly execute arbitrary code.
Clip art can be downloaded from any website and incorporated into the local gallery. A particular file format called .CIL is used in order to transport new clip art files to the users. The vulnerability is that a user may open a malformed .CIL file containing a long embedded field downloaded from a malicious third-party website or in the form of an email attachment regardless of it's origin.
Exploit / POC
Microsoft Clip Art Buffer Overflow Vulnerability
Dildog <[email protected]> of @Stake/L0pht Research Labs has authored an exploit for the Windows 2000 platform which creates a registry key. The exploit needs to be renamed to *.cil in order to function properly:
Dildog <[email protected]> of @Stake/L0pht Research Labs has authored an exploit for the Windows 2000 platform which creates a registry key. The exploit needs to be renamed to *.cil in order to function properly:
Solution / Fix
Microsoft Clip Art Buffer Overflow Vulnerability
Solution:
Microsoft has released a fully supported patch which rectifies this issue. It is available for download at the following location:
http://cgl.microsoft.com/clipgallerylive/pss/bufovrun.htm
It is also recommended to specify that .CIL files are not opened without confirmation. The steps to do so are outlined below:
- Double-click the My Computer icon on the desktop.
- On the Tools menu, select Folder Options.
- On the File Types tab, select the CIL file type.
- Click Advanced, and then select Confirm Open After Download.
- Click OK twice to return to the My Computer window.
Solution:
Microsoft has released a fully supported patch which rectifies this issue. It is available for download at the following location:
http://cgl.microsoft.com/clipgallerylive/pss/bufovrun.htm
It is also recommended to specify that .CIL files are not opened without confirmation. The steps to do so are outlined below:
- Double-click the My Computer icon on the desktop.
- On the Tools menu, select Folder Options.
- On the File Types tab, select the CIL file type.
- Click Advanced, and then select Confirm Open After Download.
- Click OK twice to return to the My Computer window.
References
Microsoft Clip Art Buffer Overflow Vulnerability
References:
References: