Severity: High

Microsoft JPEG/GDI+ Vulnerability

Overview: A buffer overflow vulnerability has been discovered in the way Microsoft Windows® handles JPEG processing. On September 22, numerous proof of concept exploits were released which allow an attacker to execute code on a remote system, thereby taking control of the remote system.

Zone Labs software products are not vulnerable to this attack. However, many other software products are vulnerable. As such, this vulnerability has been classified as "High Risk." Computer users should take action to patch vulnerable systems.

Date Published: September 23, 2004
Date Last Revised: September 23, 2004

Impact: This vulnerability could allow an attacker to execute code on the target system with elevated privileges. If successful, the attacker could install malicious code (worm, virus, Trojan horse), read confidential data, or take control of the target system.

Platforms Affected: Because the vulnerability exists in an underlying Microsoft system component, which is distributed with Microsoft operating systems and included in specific software products, extensive numbers of software products are impacted. Microsoft Security Bulletin MS04-028 states

There are cases where you might be vulnerable to this issue even after you install the required operating system update and the updates for programs or components that are listed in the Affected Software and Affected Components sections of this bulletin.

Please review the Microsoft Security Bulletin MS04-028 for a complete list: http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Description: GDI+ is a graphics device interface that is widely used for many software products, applications and services. Programs which process JPEG images (web browsers, email clients, word processing tools) and contain a vulnerable version of GDI+ could be vulnerable to this attack. Because GDI+ and JPEG images are so widely used, many software applications and services could be targeted by an attacker. On September 22, numerous exploits for this vulnerability became publicly available.

Zone Labs Products

To ensure the most comprehensive protection, computer users should employ ZoneAlarm® Internet Security Suite, ZoneAlarm Pro or Check Point Integrity™. No Zone Labs products are vulnerable to this attack or contain the GDI+ package. All Zone Labs security products including ZoneAlarm, our basic security product, protect the user's system from unauthorized access and intrusions, as well as alerting the user when malicious code attempts to access the network.

Recommended Actions for ZoneAlarm Internet Security Suite/ZoneAlarm Pro:

• Install Microsoft patches to remove this vulnerability from the Windows operating system and other software components: http://windowsupdate.microsoft.com
  http://office.microsoft.com/en-us/officeupdate/default.aspx
• Review Microsoft Security Bulletin MS04-028: http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Recommended Actions for ZoneAlarm:

• Install Microsoft provided patches to remove this vulnerability from the Windows operating system: http://windowsupdate.microsoft.com
  http://office.microsoft.com/en-us/officeupdate/default.aspx
• Review Microsoft Security Bulletin MS04-028: http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Related Resources:

• Microsoft Windows Update:
  http://windowsupdate.microsoft.com
  
  
• Microsoft Security Bulletin MS04-028:
  http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
  
  
• Check Point Smart Defense: Microsoft JPEG Processing Buffer Overflow vulnerability:
  http://www.checkpoint.com/defense/advisories/public/2004/cpai-2005-42.html

Contact: Zone Labs customers who are concerned about information contained in this advisory or have additional technical questions may reach our Technical Support team at: http://www.zonelabs.com/support/. To report security issues with Zone Labs products contact security@zonelabs.com.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Zone Labs and Zone Labs products, are registered trademarks of Zone Labs Incorporated. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.

Copyright: ©2004 Zone Labs LLC All rights reserved. Zone Labs, TrueVector, ZoneAlarm, and Cooperative Enforcement are registered trademarks of Zone Labs LLC The Zone Labs logo, Check Point Integrity and IMsecure are trademarks of Zone Labs, Inc. Check Point Integrity protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off. Cooperative Enforcement is a service mark of Zone Labs LLC All other trademarks are the property of their respective owners.

Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Zone Labs. Reprinting the whole or part of this alert in any medium other than electronically requires permission from Zone Labs.