Antivirus and Security Software from Sophos

Psst, Mac user! We have a free Mac anti-virus just for you.

Online support

Product maintenance

Contact support

Support services

Resource centers

UK IT Security Events

Get the low-down on our cup winning security solutions to provide you with a defence dream team

Vulnerability: MS09-062 - Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)

Back to Latest vulnerabilities homepage

Click any highlighted term for further explanation.

 Details
Vulnerability name/brief description

MS09-062 - Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)

CVE/CAN name

CVE-2009-2500, CVE-2009-2501, CVE-2009-2502, CVE-2009-2503, CVE-2009-2504, CVE-2009-2518, CVE-2009-2528, CVE-2009-3126

Vendor threat levelCritical
SophosLabs threat levelMedium
Solution

Apply updates associated with MS09-062

Vendor description

This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

SophosLabs commentsThis update addresses several remote code execution vulnerabilities in GDI+. Vulnerable systems could be exploited via malicously crafted WMF, PNG, TIFF, BMP files, or malicious .NET applications.
SophosLabs testing resultN/A
Currently known exploitsAt the time of writing SophosLabs have not observed any malware attempting to exploit this vulnerability. Should this situation change samples will be analyzed and we will take action as necessary.
First sample seenN/A
Discovery date17 July 2009
Affected software

Microsoft Operating Systems
    Windows XP Service Pack 2 and Windows XP Service Pack 3
    Windows XP Professional x64 Edition Service Pack 2
    Windows Server 2003 Service Pack 2
    Windows Server 2003 x64 Edition Service Pack 2
    Windows Server 2003 with SP2 for Itanium-based Systems
    Windows Vista and Windows Vista Service Pack 1
    Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
    Windows Server 2008 for 32-bit Systems
    Windows Server 2008 for x64-based Systems
    Windows Server 2008 for Itanium-based Systems

Internet Explorer
    Microsoft Windows 2000 Service Pack 4
        Microsoft Internet Explorer 6 Service Pack 1(KB958869)

Microsoft .NET Framework
    Microsoft Windows 2000 Service Pack 4
        Microsoft .NET Framework 1.1 Service Pack 1(KB971108)
        Microsoft .NET Framework 2.0 Service Pack 1(KB971110)
    Microsoft Windows 2000 Service Pack 4
        Microsoft .NET Framework 2.0 Service Pack 2(KB971111)

Microsoft Office
    Microsoft Office XP Service Pack 3(KB974811)
    Microsoft Office 2003 Service Pack 3(KB972580)
    2007 Microsoft Office System Service Pack 1(KB972581)
    2007 Microsoft Office System Service Pack 2(KB972581)

Other Office Software
    Microsoft Office Project 2002 Service Pack 1(KB974811)
    Microsoft Office Visio 2002 Service Pack 2(KB975365)
    Microsoft Office Word Viewer, Microsoft Word Viewer 2003, Microsoft Word Viewer 2003 Service Pack 3, Microsoft Office Excel Viewer 2003, Microsoft Office Excel Viewer 2003 Service Pack 3(KB972580)
    Microsoft Office Excel Viewer, PowerPoint Viewer 2007, PowerPoint Viewer 2007 Service Pack 1(KB972581)
    PowerPoint Viewer 2007 Service Pack 2(KB972581)
    Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1(KB972581)
    Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2(KB972581)
    Microsoft Expression Web and Microsoft Expression Web 2(KB972581)
    Microsoft Office Groove 2007 and Microsoft Office Groove 2007 Service Pack 1(KB972581)
    Microsoft Works 8.5(KB973636)

Referenceshttp://www.microsoft.com/technet/security/Bulletin/ms09-062.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3126
CreditsMicrosoft MAPP program
Yamata Li (CVE-2009-2500)
Thomas Gamier (CVE-2009-2501)
Wushi (CVE-2009-2502)
Ivan Fratric (CVE-2009-2503)
Tavis Ormandy (CVE-2009-3126)
Marsu Pilami (CVE-2009-2528)
Carsten H Eiram (CVE-2009-2518)
RevisionsOctober 14th 2009 - Initial analysis written

Explanation of terms

Vulnerability Name/Brief Description:
Vendor identifier plus a brief description of the type of attack.

CVE/CAN Name:
Currently assigned CVE name. If a CVE name doesn't exist the CAN name will be used until a CVE has been assigned.

Vendor Threat Level:
Threat level assigned by the vendor

SophosLabs Threat Level:
Threat level assigned by SophosLabs

  • LOW RISK - There is little chance of this vulnerability being actively exploited by malware.
  • MEDIUM RISK - There is a possibility of this vulnerability being actively exploited by malware.
  • HIGH RISK - There is a strong possibility of this vulnerability being actively exploited by malware.
  • CRITICAL RISK - This vulnerability will almost certainly be actively exploited by malware.

Solution:
Vendor-supplied Patch identifier and recommended solution, or workaround if applicable.

Vendor Description:
Summary of the cause and potential effect of the vulnerability provided by the vendor.

SophosLabs Comments:
SophosLabs' opinions and observations of the vulnerability in question.

SophosLabs Testing Result:
Details of completed lab testing, if applicable. Please note that the lab test environment may differ significantly from user environments.

Currently Known Exploits:
List of identities for known exploits, if applicable.

First Sample Seen:
Date of the first sample seen by SophosLabs.

Discovery Date:
Date of the earliest known publically disclosed advisory.

Affected Software:
Vulnerable platforms and software versions.

 

 

If you need more information or guidance, then please contact technical support.