There is a memory corruption vulnerability with GIF file processing in Microsoft GDI+ that can be used to crash a vulnerable application and potentially execute arbitrary code. ################### #The vulnerability# ################### The vulnerability is caused due to improper handling of graphic control extension when processing malformed GIF files. The vulnerability can be triggered if a large number of extension markers (0x21) followed by unknown labels is found when processing a GIF file. ######## #Impact# ######## This vulnerability can be used to corrupt memory of any application utilizing GDI+ for GIF file decoding if it is used to open a malformed GIF file. This could lead to code execution with the privileges of the user running the vulnerable application. ############ #References# ############ http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html http://www.zerodayinitiative.com/advisories/ZDI-08-056/ http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3013
