
Windows GDI Vulnerability Found By Google Gets a Temporary Fix

by Unallocated Author

A temporary fix is now available for the Windows Graphics Device Interface (Windows GDI) vulnerability that was publicly disclosed a couple of weeks ago.

This flaw was initially discovered by Mateusz Jurczyk, an engineer on Google's Project Zero team, who reported it to Microsoft in March 2016 along with other issues in the user-mode Windows GDI library. Microsoft attempted to resolve the bug in its June 2016 patches but did not fully fix it, so the reporter filed another report in November 2016.

Under Google's Project Zero disclosure policy, vendors have 90 days to resolve a reported vulnerability before its details are made public, and the same applied to this Windows GDI flaw. Because Microsoft did not release its monthly security update in February and pushed the patches to March, the vulnerability was not resolved within the 90-day window and the details were published.

Tracked as CVE-2017-0038, the vulnerability lies in the handling of DIBs (Device Independent Bitmaps) embedded in EMF (Enhanced Metafile) records. The researcher who found it was able to reproduce it both remotely (in Office Online) and locally (in Internet Explorer).

Although Microsoft has not released a fix for this issue yet, Luka Treiber of the 0patch team devised a temporary fix (a micropatch). For this, he worked with the proof of concept that Jurczyk published, and says that the issue was visible each time the specially crafted EMF file was loaded in Internet Explorer 11.

“CVE-2017-0038 is a bug in EMF image format parsing logic that does not adequately check image dimensions specified in the image file being parsed against a number of pixels provided by that file. If image dimensions are large enough the parser is tricked into reading memory contents beyond the memory-mapped EMF file being parsed,” Treiber explains.
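The missing check Treiber describes is easy to state concretely. The following is an added example written for this page, not the 0patch micropatch and not Microsoft's gdi32 code. It takes the EMR_SETDIBITSTODEVICE record (the record Jurczyk's reports concern, whose field layout is taken from the [MS-EMF] specification), reads the embedded BITMAPINFOHEADER, computes how many pixel bytes the declared width, height and bit depth imply, and refuses the record if cbBitsSrc does not supply them. The names `validate_setdibitstodevice`, `dib_bytes_for_lines` and `build_record` are this example's own; the two records it builds are constructed sample input, and the decision to size the check on the scanline band (iStartScan/cScans) rather than the whole bitmap is an assumption about how much data a well-formed record must carry, not a statement about what the actual fix does.

```c
/* Added example (not 0patch's or Microsoft's code): validate the DIB
 * dimensions inside an EMR_SETDIBITSTODEVICE record against the pixel
 * bytes the record actually carries. Field offsets follow [MS-EMF]. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EMR_SETDIBITSTODEVICE 80u   /* record type per [MS-EMF] */
#define BI_RGB 0u                   /* uncompressed DIB */

/* EMF fields are little-endian regardless of host byte order. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static int32_t  rd32s(const uint8_t *p) { return (int32_t)rd32(p); }
static uint16_t rd16(const uint8_t *p)  { return (uint16_t)(p[0] | (p[1] << 8)); }
void wr32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }
void wr16(uint8_t *p, uint16_t v) { p[0] = v; p[1] = v >> 8; }

enum { EMF_OK = 0, EMF_ERR_TRUNCATED, EMF_ERR_TYPE, EMF_ERR_RANGE,
       EMF_ERR_BMI, EMF_ERR_DIMS, EMF_ERR_BITS_SHORT };

/* Pixel bytes needed for `lines` scanlines of `width` pixels at `bpp` bits
 * per pixel; each scanline is padded to a 4-byte boundary. Returns 0 on
 * bad input or arithmetic overflow, 1 on success with the size in *out. */
int dib_bytes_for_lines(int32_t width, uint16_t bpp, uint64_t lines, uint64_t *out)
{
    if (width <= 0 || bpp == 0 || bpp > 32) return 0;
    uint64_t row_bits = (uint64_t)width * bpp;          /* < 2^36, cannot wrap */
    uint64_t stride   = ((row_bits + 31) / 32) * 4;     /* bytes per padded scanline */
    if (lines > UINT64_MAX / stride) return 0;
    *out = stride * lines;
    return 1;
}

/* Validate one EMR_SETDIBITSTODEVICE record held in rec[0..len).
 * Header offsets: 0 iType, 4 nSize, 8 rclBounds(16), 24 xDest, 28 yDest,
 * 32 xSrc, 36 ySrc, 40 cxSrc, 44 cySrc, 48 offBmiSrc, 52 cbBmiSrc,
 * 56 offBitsSrc, 60 cbBitsSrc, 64 iUsageSrc, 68 iStartScan, 72 cScans (76 bytes). */
int validate_setdibitstodevice(const uint8_t *rec, size_t len)
{
    if (len < 76) return EMF_ERR_TRUNCATED;
    if (rd32(rec) != EMR_SETDIBITSTODEVICE) return EMF_ERR_TYPE;
    uint32_t nSize = rd32(rec + 4);
    if (nSize < 76 || nSize > len || (nSize & 3)) return EMF_ERR_TRUNCATED;

    uint32_t offBmi = rd32(rec + 48), cbBmi = rd32(rec + 52);
    uint32_t offBits = rd32(rec + 56), cbBits = rd32(rec + 60);
    uint32_t iStartScan = rd32(rec + 68), cScans = rd32(rec + 72);

    /* 1. Both sub-buffers must lie inside this record; 64-bit sums avoid wraparound. */
    if ((uint64_t)offBmi + cbBmi > nSize || (uint64_t)offBits + cbBits > nSize)
        return EMF_ERR_RANGE;
    if (cbBmi < 40) return EMF_ERR_BMI;                 /* need a full BITMAPINFOHEADER */

    const uint8_t *bmi = rec + offBmi;
    if (rd32(bmi) < 40) return EMF_ERR_BMI;             /* biSize */
    int32_t  biWidth = rd32s(bmi + 4), biHeight = rd32s(bmi + 8);
    uint16_t biBitCount = rd16(bmi + 14);
    if (rd32(bmi + 16) != BI_RGB) return EMF_ERR_BMI;   /* example handles uncompressed only */

    /* 2. The check the vulnerable parser skipped: the declared dimensions and
     *    the requested scanline band must not imply more pixel bytes than
     *    cbBitsSrc actually provides (assumption: the band is what is read). */
    uint64_t height = (biHeight < 0) ? (uint64_t)(-(int64_t)biHeight) : (uint64_t)biHeight;
    if (height == 0 || (uint64_t)iStartScan + cScans > height) return EMF_ERR_DIMS;
    uint64_t need;
    if (!dib_bytes_for_lines(biWidth, biBitCount, cScans, &need)) return EMF_ERR_DIMS;
    if (need > cbBits) return EMF_ERR_BITS_SHORT;
    return EMF_OK;
}

/* Constructed sample input (not from any real file): header, a 40-byte
 * BITMAPINFOHEADER, then `bits_len` zero bytes of pixel data. Returns the
 * 4-byte-aligned record size, or 0 if `cap` is too small. */
size_t build_record(uint8_t *buf, size_t cap, int32_t w, int32_t h, uint16_t bpp,
                    uint32_t cScans, uint32_t bits_len)
{
    size_t total = ((size_t)76 + 40 + bits_len + 3) & ~(size_t)3;
    if (total > cap) return 0;
    memset(buf, 0, total);
    wr32(buf, EMR_SETDIBITSTODEVICE); wr32(buf + 4, (uint32_t)total);
    wr32(buf + 40, (uint32_t)w);      wr32(buf + 44, (uint32_t)h);      /* cxSrc, cySrc */
    wr32(buf + 48, 76);               wr32(buf + 52, 40);               /* offBmiSrc, cbBmiSrc */
    wr32(buf + 56, 116);              wr32(buf + 60, bits_len);         /* offBitsSrc, cbBitsSrc */
    wr32(buf + 68, 0);                wr32(buf + 72, cScans);           /* iStartScan, cScans */
    uint8_t *bmi = buf + 76;
    wr32(bmi, 40); wr32(bmi + 4, (uint32_t)w); wr32(bmi + 8, (uint32_t)h);
    wr16(bmi + 12, 1); wr16(bmi + 14, bpp); wr32(bmi + 16, BI_RGB);
    return total;
}

int main(void)
{
    uint8_t buf[256];
    /* 4x2 32bpp image with exactly the 32 pixel bytes it needs: accepted. */
    size_t n = build_record(buf, sizeof buf, 4, 2, 32, 2, 32);
    printf("well-formed record: result %d\n", validate_setdibitstodevice(buf, n));
    /* Header claims 4096x4096 32bpp (64 MiB of pixels) but carries 32 bytes:
     * a parser that trusts the header reads far past the mapped file. */
    n = build_record(buf, sizeof buf, 4096, 4096, 32, 4096, 32);
    printf("oversized dimensions: result %d\n", validate_setdibitstodevice(buf, n));
    return 0;
}
```

The range check in step 1 matters as much as the size check in step 2: an attacker controls offBitsSrc and cbBitsSrc as well as the header, so the two sub-buffers must be bounded by nSize before any of their contents is read, and the sums are done in 64 bits so that a large offset plus a large length cannot wrap back inside the record.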
