The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Windows: memory corruption via EMF
Synthesis of the vulnerability
An attacker can generate a memory corruption via EMF in Windows, in order to trigger a denial of service, and possibly to execute code.
Vulnerable systems: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista.
Severity of this threat: 4/4.
Consequences of a hack: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Attacker's origin: document.
Creation date: 14/04/2015.
References of this weakness: 3046306, CERTFR-2015-AVI-153, CVE-2015-1645, MS15-035, VIGILANCE-VUL-16598.
Description of the vulnerability
The EMF (Enhanced Metafile) format stores images composed of objects (line, rectangle, text, etc.) and it is handled by gdiplus.dll.
However, when a malicious image is displayed, the memory is corrupted in MRSETDIBITSTODEVICE::bPlay(). An attacker can set up a malicious web site hosting this EMF image, and then invite victims to connect with Internet Explorer.
An attacker can therefore generate a memory corruption via EMF in Windows, in order to trigger a denial of service, and possibly to execute code.
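The description names the record handler but not the malformed field, so the following added example (not Vigil@nce's or Microsoft's code) applies only generic structural checks from the public MS-EMF record layout: it walks an EMF file's records and flags EMR_SETDIBITSTODEVICE records, the type that MRSETDIBITSTODEVICE::bPlay() handles by its name, whose bitmap header or pixel ranges fall outside the record. The function names and the `build_sample` input are constructed for illustration, and a clean result does not show that a file is safe against this vulnerability.

```python
import struct

EMR_HEADER, EMR_EOF = 1, 14
EMR_SETDIBITSTODEVICE = 0x50  # record type matching MRSETDIBITSTODEVICE by name
FIXED_LEN = 76                # fixed fields of EMR_SETDIBITSTODEVICE (MS-EMF)


def audit_emf(data):
    """Walk EMF records; return (file_offset, reason) for each suspicious one."""
    if (len(data) < 88 or data[0:4] != struct.pack("<I", EMR_HEADER)
            or data[40:44] != b" EMF"):
        raise ValueError("not an EMF file")
    findings, off = [], 0
    while off + 8 <= len(data):
        rtype, size = struct.unpack_from("<II", data, off)
        if size < 8 or size % 4 or off + size > len(data):
            findings.append((off, "record size invalid or past end of file"))
            break
        if rtype == EMR_SETDIBITSTODEVICE:
            findings += [(off, r) for r in check_dib_record(data[off:off + size])]
        if rtype == EMR_EOF:
            break
        off += size
    return findings


def check_dib_record(rec):
    """Check that offBmiSrc/cbBmiSrc and offBitsSrc/cbBitsSrc stay in the record."""
    if len(rec) < FIXED_LEN:
        return ["record shorter than its fixed fields"]
    off_bmi, cb_bmi, off_bits, cb_bits = struct.unpack_from("<4I", rec, 48)
    reasons = []
    for name, o, n in (("BMI", off_bmi, cb_bmi), ("bits", off_bits, cb_bits)):
        if n and (o < FIXED_LEN or o + n > len(rec)):
            reasons.append(f"{name} range {o}+{n} outside record of {len(rec)} bytes")
    return reasons


def build_sample(off_bits, cb_bits):
    """Constructed input: 88-byte header, one SETDIBITSTODEVICE record, EOF."""
    hdr = struct.pack("<II", EMR_HEADER, 88) + bytes(32) + b" EMF" + bytes(44)
    rec = (struct.pack("<II", EMR_SETDIBITSTODEVICE, 120) + bytes(40)
           + struct.pack("<7I", 76, 40, off_bits, cb_bits, 0, 0, 1)
           + bytes(40) + bytes(4))  # zeroed bitmap header and 4 pixel bytes
    eof = struct.pack("<5I", EMR_EOF, 20, 0, 0, 20)
    return hdr + rec + eof
```

`audit_emf(build_sample(116, 4))` returns an empty list, while `audit_emf(build_sample(116, 0x1000))` reports the record at file offset 88.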