HighProventia Desktop, Proventia Network IPS, RealSecure Server Sensor, RealSecure Network, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This signature detects WMF files containing image components that, when processed by Microsoft GDI+, may overflow an integer value and allow remote code execution.
High
Proventia Desktop: 2440, Proventia Network IPS: XPU 29.100, RealSecure Server Sensor: XPU 29.100, RealSecure Network: XPU 29.100, Proventia-G 1.1 and earlier: XPU 29.100, Proventia Network MFS: XPU 29.100, Proventia Network IDS: XPU 29.100, IBM Security Server Protection for Windows: 2.0.300.2440, IBM Security Server Protection for Windows: 1.0.914.2440, IBM Security Server Protection for Windows: 2.1.14.2440, Proventia Server IPS for Linux technology: 29.100, Virtual Server Protection for Vmware: 1.0
Microsoft Internet Explorer: 6.0 SP1, Microsoft Windows 2000: SP4, Microsoft Windows XP: SP2, Microsoft Project: 2002 SP1, Microsoft Visio: 2002 SP2, Microsoft Office: XP SP3, Microsoft Word Viewer: 2003, Microsoft Works: 8.5, Microsoft Excel Viewer: 2003, Microsoft Groove Server: 2007, Microsoft Expression Web, Microsoft Office: 2003 SP3, Microsoft Excel Viewer: 2003 SP3, Microsoft SQL Server: 2005 SP2, Microsoft Excel Viewer, Microsoft Office Word Viewer, Microsoft Office Word Viewer: 2003 SP3, Microsoft SQL Server: 2005 SP2 x64, Microsoft SQL Server: 2005 SP2 Itanium, Microsoft Office Compatibility Pack: 2007 SP1, Microsoft Office: 2007 SP1, Microsoft SQL Server Reporting Services: 2000 SP2, Microsoft Report Viewer: 2005 SP1, Microsoft Report Viewer: 2008, Microsoft Forefront Client Security: 1.0, Microsoft Expression Web: 2, Microsoft Groove Server: 2007 SP1, Microsoft Windows XP: SP3, Microsoft Office Compatibility Pack: 2007 SP2, Microsoft PowerPoint Viewer: 2007 SP1, Microsoft PowerPoint Viewer: 2007 SP2, Microsoft Office: 2007 SP2, Microsoft PowerPoint Viewer: 2007, Microsoft SQL Server: 2005 SP3, Microsoft SQL Server: 2005 SP3 x64, Microsoft Report Viewer: 2008 SP1, Microsoft SQL Server: 2005 SP3 Itanium
Unauthorized Access Attempt
Microsoft Windows GDI+ could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow error. By persuading a victim open a specially-crafted WMF image file, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS09-062
Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
IBM Internet Security Systems Protection Alert
Multiple Microsoft Windows GDI+ Image Remote Code Execution Vulnerabilities
http://www.iss.net/threats/350.html
Microsoft Security Bulletin MS10-003
Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
http://www.microsoft.com/technet/security/bulletin/ms10-003.mspx
Microsoft Security Bulletin MS10-028
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
http://www.microsoft.com/technet/security/bulletin/ms10-028.mspx
Microsoft Security Bulletin MS10-036
Vulnerabilities in COM validation in Microsoft Office Could Allow Remote Code Execution (983235
http://www.microsoft.com/technet/security/bulletin/ms10-036.mspx
Microsoft Security Bulletin MS10-056
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
http://www.microsoft.com/technet/security/bulletin/ms10-056.mspx
Microsoft Security Bulletin MS10-057
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
http://www.microsoft.com/technet/security/bulletin/ms10-057.mspx
Microsoft Security Bulletin MS10-079
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx
Microsoft Security Bulletin MS10-087
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
http://www.microsoft.com/technet/security/bulletin/ms10-087.mspx
Microsoft Security Bulletin MS10-105
Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
http://www.microsoft.com/technet/security/bulletin/ms10-105.mspx
Microsoft Security Bulletin MS11-008
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
http://www.microsoft.com/technet/security/bulletin/ms11-008.mspx
Microsoft Security Bulletin MS11-029
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
http://www.microsoft.com/technet/security/bulletin/ms11-029.mspx
Microsoft Security Bulletin MS11-021
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
http://www.microsoft.com/technet/security/bulletin/ms11-021.mspx
Microsoft Security Bulletin MS11-023
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
http://www.microsoft.com/technet/security/bulletin/ms11-023.mspx
Microsoft Security Bulletin MS11-045
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
http://www.microsoft.com/technet/security/bulletin/ms11-045.mspx
Microsoft Security Bulletin MS11-049
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
http://www.microsoft.com/technet/security/bulletin/ms11-049.mspx
Microsoft Security Bulletin MS11-060
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
http://www.microsoft.com/technet/security/bulletin/ms11-060.mspx
Microsoft Security Bulletin MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
http://www.microsoft.com/technet/security/bulletin/ms11-072.mspx
Microsoft Security Bulletin MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
http://www.microsoft.com/technet/security/bulletin/ms11-072.mspx
Microsoft Security Bulletin MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
http://www.microsoft.com/technet/security/bulletin/ms11-072.mspx
Microsoft Security Bulletin MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
http://technet.microsoft.com/en-us/security/bulletin/MS11-096
Microsoft Security Bulletin MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
http://technet.microsoft.com/en-us/security/bulletin/MS11-096
Microsoft Security Bulletin MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
http://technet.microsoft.com/en-us/security/bulletin/MS11-096
ISS X-Force
Microsoft Windows GDI+ WMF image code execution
http://www.iss.net/security_center/static/53525.php
CVE
CVE-2009-2500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2500