HighProventia Desktop, Proventia Network IPS, RealSecure Server Sensor, RealSecure Network, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This signature detects a malformed TIFF image that could be used by an attacker to exploit a vulnerability in the GDI+ to execute remote code supplied by the attacker.
Proventia Desktop, Proventia Network IPS, RealSecure Server Sensor, RealSecure Network, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware: It is possible for the data within a vulnerable TIFF file to be arranged in a non-intuitive order that cannot be detected by this signature.
High
Proventia Desktop: 2440, Proventia Network IPS: XPU 29.100, RealSecure Server Sensor: XPU 29.100, RealSecure Network: XPU 29.100, Proventia-G 1.1 and earlier: XPU 29.100, Proventia Network MFS: XPU 29.100, Proventia Network IDS: XPU 29.100, IBM Security Server Protection for Windows: 2.0.300.2440, IBM Security Server Protection for Windows: 1.0.914.2440, IBM Security Server Protection for Windows: 2.1.14.2440, Proventia Server IPS for Linux technology: 29.100, Virtual Server Protection for Vmware: 1.0
Microsoft Internet Explorer: 6.0 SP1, Microsoft Windows XP: SP2, Microsoft Project: 2002 SP1, Microsoft Visio: 2002 SP2, Microsoft Office: XP SP3, Microsoft Word Viewer: 2003, Microsoft Works: 8.5, Microsoft Excel Viewer: 2003, Microsoft Groove Server: 2007, Microsoft Expression Web, Microsoft Office: 2003 SP3, Microsoft Excel Viewer: 2003 SP3, Microsoft SQL Server: 2005 SP2, Microsoft Excel Viewer, Microsoft Office Word Viewer, Microsoft Office Word Viewer: 2003 SP3, Microsoft SQL Server: 2005 SP2 x64, Microsoft SQL Server: 2005 SP2 Itanium, Microsoft Office Compatibility Pack: 2007 SP1, Microsoft Office: 2007 SP1, Microsoft SQL Server Reporting Services: 2000 SP2, Microsoft Report Viewer: 2005 SP1, Microsoft Report Viewer: 2008, Microsoft Forefront Client Security: 1.0, Microsoft Expression Web: 2, Microsoft Groove Server: 2007 SP1, Microsoft Windows XP: SP3, Microsoft Office Compatibility Pack: 2007 SP2, Microsoft PowerPoint Viewer: 2007 SP1, Microsoft PowerPoint Viewer: 2007 SP2, Microsoft Office: 2007 SP2, Microsoft PowerPoint Viewer: 2007, Microsoft SQL Server: 2005 SP3, Microsoft SQL Server: 2005 SP3 x64, Microsoft Report Viewer: 2008 SP1, Microsoft SQL Server: 2005 SP3 Itanium
Unauthorized Access Attempt
Microsoft Windows GDI+ is vulnerable to a buffer overflow, caused by improper bounds checking. By persuading a victim open a specially-crafted TIFF image file, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with privileges of the victim.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS09-062
Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
IBM Internet Security Systems Protection Alert
Multiple Microsoft Windows GDI+ Image Remote Code Execution Vulnerabilities
http://www.iss.net/threats/350.html
iDefense PUBLIC ADVISORY: 10.13.09
Microsoft Windows GDI+ TIFF File Parsing Buffer Overflow Vulnerability
https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=828
Microsoft Security Bulletin MS10-003
Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
http://www.microsoft.com/technet/security/bulletin/ms10-003.mspx
Microsoft Security Bulletin MS10-028
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
http://www.microsoft.com/technet/security/bulletin/ms10-028.mspx
Microsoft Security Bulletin MS10-036
Vulnerabilities in COM validation in Microsoft Office Could Allow Remote Code Execution (983235
http://www.microsoft.com/technet/security/bulletin/ms10-036.mspx
Microsoft Security Bulletin MS10-056
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
http://www.microsoft.com/technet/security/bulletin/ms10-056.mspx
Microsoft Security Bulletin MS10-057
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
http://www.microsoft.com/technet/security/bulletin/ms10-057.mspx
Microsoft Security Bulletin MS10-079
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx
Microsoft Security Bulletin MS10-087
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
http://www.microsoft.com/technet/security/bulletin/ms10-087.mspx
Microsoft Security Bulletin MS10-105
Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
http://www.microsoft.com/technet/security/bulletin/ms10-105.mspx
Microsoft Security Bulletin MS11-008
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
http://www.microsoft.com/technet/security/bulletin/ms11-008.mspx
Microsoft Security Bulletin MS11-029
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
http://www.microsoft.com/technet/security/bulletin/ms11-029.mspx
Microsoft Security Bulletin MS11-021
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
http://www.microsoft.com/technet/security/bulletin/ms11-021.mspx
Microsoft Security Bulletin MS11-023
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
http://www.microsoft.com/technet/security/bulletin/ms11-023.mspx
Microsoft Security Bulletin MS11-045
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
http://www.microsoft.com/technet/security/bulletin/ms11-045.mspx
Microsoft Security Bulletin MS11-049
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
http://www.microsoft.com/technet/security/bulletin/ms11-049.mspx
Microsoft Security Bulletin MS11-060
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
http://www.microsoft.com/technet/security/bulletin/ms11-060.mspx
Microsoft Security Bulletin MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
http://www.microsoft.com/technet/security/bulletin/ms11-072.mspx
Microsoft Security Bulletin MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
http://www.microsoft.com/technet/security/bulletin/ms11-072.mspx
Microsoft Security Bulletin MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
http://www.microsoft.com/technet/security/bulletin/ms11-072.mspx
Microsoft Security Bulletin MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
http://technet.microsoft.com/en-us/security/bulletin/MS11-096
Microsoft Security Bulletin MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
http://technet.microsoft.com/en-us/security/bulletin/MS11-096
Microsoft Security Bulletin MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
http://technet.microsoft.com/en-us/security/bulletin/MS11-096
ISS X-Force
Microsoft Windows GDI+ TIFF image buffer overflow
http://www.iss.net/security_center/static/53527.php
CVE
CVE-2009-2502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2502