Sid 1-6700

DELETED

Message

DELETED FILE-IMAGE Microsoft Multiple Products malformed PNG detected tEXt overflow attempt

Summary

Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.

Impact

CVSS base score 9.3; CVSS impact score 10.0; CVSS exploitability score 8.6; Confidentiality Impact COMPLETE; Integrity Impact COMPLETE; Availability Impact COMPLETE

CVE-2006-0025:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2009-2501:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2012-5470:

CVSS base score 4.3

CVSS impact score 2.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Detailed information

CVE-2006-0025: Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.

CVE-2009-2501: Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."

CVE-2012-5470: libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.

Affected systems

  • microsoft windowsmediaplayer 9
  • microsoft windowsmediaplayer 10
  • microsoft .net_framework 1.1
  • microsoft .net_framework 2.0
  • microsoft excel_viewer 2003
  • microsoft expression_web *
  • microsoft expression_web 2
  • microsoft forefrontclientsecurity 1.0
  • microsoft internet_explorer 6
  • microsoft office 2003
  • microsoft office 2007
  • microsoft office xp
  • microsoft officecompatibilitypack 2007
  • microsoft officeexcelviewer *
  • microsoft office_groove 2007
  • microsoft officepowerpointviewer *
  • microsoft officepowerpointviewer 2007
  • microsoft officewordviewer *
  • microsoft platform_sdk *
  • microsoft project 2002
  • microsoft report_viewer 2005
  • microsoft report_viewer 2008
  • microsoft sql_server 2005
  • microsoft sqlserverreporting_services 2000
  • microsoft visio 2002
  • microsoft visual_foxpro 8.0
  • microsoft visual_foxpro 9.0
  • microsoft visual_studio 2008
  • microsoft visualstudio.net 2003
  • microsoft visualstudio.net 2005
  • microsoft word_viewer 2003
  • microsoft works 8.5
  • microsoft windows2003server *
  • microsoft windowsserver2008 *
  • microsoft windows_vista *
  • microsoft windows_xp *
  • videolan vlcmediaplayer 2.0.3

Ease of attack

CVE-2006-0025:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2009-2501:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2012-5470:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor-supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information see NVD.

Additional References

  • technet.microsoft.com/en-us/security/bulletin/ms06-024
  • technet.microsoft.com/en-us/security/bulletin/ms09-062
  • technet.microsoft.com/en-us/security/bulletin/ms13-051