BUGTRAQ ID: 31022
CVE ID:CVE-2008-3015
CNCVE ID:CNCVE-20083015
Microsoft Windows是一款微软开发的操作系统。
Microsoft Windows GDI+子系统解析特殊构建的BMP文件存在问题,远程攻击者可以利用漏洞进行内存破坏,可导致以登录用户进程权限执行任意代码。
提供畸形的BitMapInfoHeader可导致不正确的整数计算,而在之后造成内存破坏问题,构建特殊的BMP文件,诱使用户访问,可触发此漏洞。
Microsoft Works 8.0
Microsoft Visual Studio 2003 Viewer
Microsoft Visio 2002 SP2
Microsoft SQL Server 2005 x64 Edition SP2
Microsoft SQL Server 2005 x64 Edition SP1
Microsoft SQL Server 2005 Itanium Edition SP2
Microsoft SQL Server 2005 Itanium Edition SP1
Microsoft SQL Server 2005 Itanium Edition 0
Microsoft SQL Server 2005 0
Microsoft SQL Server 2000
临时解决方案可参考如下:
-限制对gdiplus.dll的访问
1,在管理员命令行中运行如下命令:
for /F "tokens=" %G IN (‘dir /b /s %windir%\Microsoft.NET\Framework\gdiplus.dll’) DO cacls %G /E /P everyone:N
for /F "tokens=" %G IN (‘dir /b /s %windir%\winsxs\gdiplus.dll’) DO cacls %G /E /P everyone:N
for /F "tokens=" %G IN (‘dir /b /s ^"%windir%\Downloaded Program Files\gdiplus.dll^"’) DO cacls %G /E /P everyone:N
for /F "tokens=" %G IN (‘dir /b /s ^"%programfiles%\microsoft office\gdiplus.dll^"’) DO cacls "%G" /E /P everyone:N
for /F "tokens=*" %G IN (‘dir /b /s ^"%programfiles^(86^)%\microsoft office\gdiplus.dll^"’) DO cacls "%G" /E /P everyone:N
cacls "%programfiles%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /P everyone:N
cacls "%programfiles%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /P everyone:N
cacls "%programfiles%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /P everyone:N
cacls "%programfiles%\Microsoft Digital Image 2006\gdiplus.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Microsoft Digital Image 2006\gdiplus.dll" /E /P everyone:N
cacls "%programfiles%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /P everyone:N
cacls "%programfiles%\Microsoft Works\gdiplus.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Microsoft Works\gdiplus.dll" /E /P everyone:N
cacls "%programfiles%\Common Files\Microsoft Shared\VGX\vgx.dll" /E /P everyone:N
cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VGX\vgx.dll" /E /P everyone:N
2,重新启动
怎样恢复刚才的临时解决方案:
1,在管理员命令行中运行如下命令:
for /F "tokens=" %G IN (‘dir /b /s %windir%\Microsoft.NET\Framework\gdiplus.dll’) DO cacls %G /E /R everyone
for /F "tokens=" %G IN (‘dir /b /s %windir%\winsxs\gdiplus.dll’) DO cacls %G /E /R everyone
for /F "tokens=" %G IN (‘dir /b /s ^"%windir%\Downloaded Program Files\gdiplus.dll^"’) DO cacls %G /E /R everyone
for /F "tokens=" %G IN (‘dir /b /s ^"%programfiles%\microsoft office\gdiplus.dll^"’) DO cacls "%G" /E /R everyone
for /F "tokens=*" %G IN (‘dir /b /s ^"%programfiles^(86^)%\microsoft office\gdiplus.dll^"’) DO cacls "%G" /E /R everyone
cacls "%programfiles%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /R everyone
cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /R everyone
cacls "%programfiles%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /R everyone
cacls "%programfiles(x86)%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /R everyone
cacls "%programfiles%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /R everyone
cacls "%programfiles(x86)%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /R everyone
cacls "%programfiles%\Microsoft Digital Image 2006\gdiplus.dll" /E /R everyone
cacls "%programfiles(x86)%\Microsoft Digital Image 2006\gdiplus.dll" /E /R everyone
cacls "%programfiles%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /R everyone
cacls "%programfiles(x86)%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /R everyone
cacls "%programfiles%\Microsoft Works\gdiplus.dll" /E /R everyone
cacls "%programfiles(x86)%\Microsoft Works\gdiplus.dll" /E /R everyone
cacls "%programfiles%\ Common Files\Microsoft Shared\VGX\vgx.dll" /E /R everyone
cacls "%programfiles(x86)%\ Common Files\Microsoft Shared\VGX\vgx.dll" /E /R everyone
2,重新启动
-编辑注册表防止RSClientPrint中Internet Explorer运行:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{FA91DF8D-53AB-455D-AB20-F2F023E498D3}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility{FA91DF8D-53AB-455D-AB20-F2F023E498D3}]
"Compatibility Flags"=dword:00000400
把如上内容粘贴到记事本并以.reg文件扩展名保存,并双击。
参考如下补丁程序:
Microsoft Digital Image Suite 2006
Microsoft Vulnerabilities in Digital Image 2006 using GDI+ Could Allow Remote Code Execution (KB955992)
<a href=“http://www.microsoft.com/downloads/details.aspx?familyid=04afd760-8173” target=“_blank”>http://www.microsoft.com/downloads/details.aspx?familyid=04afd760-8173</a> -4069-9e82-d3bf053d9eae&displaylang=en
Microsoft SQL Server 2005 Itanium Edition SP2
Microsoft Security Update for SQL Server 2005 QFE Service Pack 2 (KB954607)
<a href=“http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323” target=“_blank”>http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323</a> -4ADB-9721-61E1C0CFD213&displaylang=en
Microsoft Security Update for SQL Server 2005 Service Pack 2 (KB954606)
<a href=“http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468” target=“_blank”>http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468</a> -4ADB-B945-2ED0458B8F47&displaylang=en
Microsoft Report Viewer 2005 SP1
Microsoft Microsoft Report Viewer Redistributable 2005 Service Pack 1
<a href=“http://www.microsoft.com/downloads/details.aspx?familyid=82833F27-081D” target=“_blank”>http://www.microsoft.com/downloads/details.aspx?familyid=82833F27-081D</a> -4B72-83EF-2836360A904D&displaylang=en
Microsoft Report Viewer 2008 0
Microsoft Microsoft Report Viewer Redistributable 2008
<a href=“http://www.microsoft.com/downloads/details.aspx?familyid=6AE0AA19-3E6C” target=“_blank”>http://www.microsoft.com/downloads/details.aspx?familyid=6AE0AA19-3E6C</a> -474C-9D57-05B2347456B1&displaylang=en
Microsoft SQL Server 2005 x64 Edition SP2
Microsoft Security Update for SQL Server 2005 QFE Service Pack 2 (KB954607)
<a href=“http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323” target=“_blank”>http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323</a> -4ADB-9721-61E1C0CFD213&displaylang=en
Microsoft Security Update for SQL Server 2005 Service Pack 2 (KB954606)
<a href=“http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468” target=“_blank”>http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468</a> -4ADB-B945-2ED0458B8F47&displaylang=en
Microsoft Office 2003 SP3
Microsoft Security Update for Office 2003 (KB954478)
<a href=“http://www.microsoft.com/downloads/details.aspx?familyid=e9f8e309-d721” target=“_blank”>http://www.microsoft.com/downloads/details.aspx?familyid=e9f8e309-d721</a> -4bab-b485-5eede8d49eb8&displaylang=en
Microsoft Visio 2002 SP2
Microsoft Security Update for Visio 2002 (KB954479)
<a href=“http://www.microsoft.com/downloads/details.aspx?familyid=a6d9d3ef-f087” target=“_blank”>http://www.microsoft.com/downloads/details.aspx?familyid=a6d9d3ef-f087</a> -4f61-9ec1-522b7d4b9c48&displaylang=en
Microsoft Forefront Client Security 1.0
Microsoft Microsoft Forefront Security v 1.0 MS08-052 (KB 957177)
<a href=“http://www.microsoft.com/downloads/details.aspx?familyid=1EB1A79F-44CA” target=“_blank”>http://www.microsoft.com/downloads/details.aspx?familyid=1EB1A79F-44CA</a> -499E-90BB-AC51894E9D1E&displaylang=en