New Windows Thumbnail Image Zero-Day Attack

According to TheRegister, “Microsoft has confirmed reports that several versions of Windows are vulnerable to exploits that allow remote attackers to take full control of users’ computers using booby-trapped emails and websites.”

Apparently, remote code execution is possible when a specially crafted thumbnail image is viewed. The attack works against Windows XP & Vista, and Server 2003 & 2008. Windows 7 and Server 2008 R2 is immune to the exploit. It works not only against Office documents and E-mails, but also through network shares.  

According to the article, the exploit was made public at the South Korean “Power of Community” security conference. The exploit code has already been added to the popular security testing software Metasploit.

According to documentation in the exploit code on Metasploit’s site:

This module exploits a stack-based buffer overflow in the handling of thumbnails within .MIC files and various Office documents. When processing a thumbnail bitmap containing a negative ‘biClrUsed’ value, a stack-based buffer overflow occurs. This leads to arbitrary code execution. In order to trigger the vulnerable code, the folder containing the document must be viewed using the “Thumbnails” view.

Microsoft was concerned enough about it to release a warning statement, but has no plans to create an out of band security patch for it. We will have to wait until the next standard security update next week, if the fix is even ready by then.  

~ by D. Dieterle on January 5, 2011.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: