Sid 1-3634

DELETED

Message

DELETED WEB-CLIENT Microsoft Windows Bitmap width integer overflow multipacket attempt

Summary

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

Impact

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2008-3015:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2008-3015: Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."

Affected systems

  • microsoft digitalimagesuite 2006
  • microsoft forefrontclientsecurity 1.0
  • microsoft office 2003
  • microsoft office 2007
  • microsoft office xp
  • microsoft officepowerpointviewer 2003
  • microsoft report_viewer 2005
  • microsoft report_viewer 2008
  • microsoft sql_server 2005
  • microsoft sqlserverreporting_services 2000
  • microsoft visio 2002
  • microsoft works 8.0

Ease of attack

CVE-2008-3015:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information see NVD.

Additional References

  • bugzilla.mozilla.org/show_bug.cgi?id=255067
  • technet.microsoft.com/en-us/security/bulletin/MS08-052