In association with heise online

08 June 2007, 12:54

Two vulnerabilities in Windows XP

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Two newly detected vulnerabilities in Windows cause Windows Explorer to crash and restart repeatedly, effectively denying service to the system. The first bug is an integer-division-by-zero flaw related to the Windows GDI+ component (gdiplus.dll), activated by malformed ICO files and provoking an exception. According to the advisory, setting the value of the InfoHeader Height in an ICO file to zero is enough to crash an application that uses the graphics library. For Windows Explorer, opening a directory where a malformed file is stored will cause a crash. In addition to Windows Explorer, the Windows Image and Fax Viewer also uses the GDI+ component. No patch is provided for this vulnerability, which is not present in Vista. Deleting the file via the prompt helps to remedy the bug. According to the advisory, the flaw, which affects Windows XP, will not be fixed before the upcoming release of Service Pack 3.

The second bug is based on a vulnerability of Windows Explorer under Windows XP SP2 and occurs when two link files (*.lnk) reference each other. Opening a directory containing two such files causes Windows Explorer to crash. If the file is stored on the desktop, the crash will happen shortly after boot-up. The same occurs when the ICO DoS vulnerability is exploited. Microsoft has been informed on this bug; it is, however, unclear whether a patch will be provided or not.

To remove the files, users can, for instance, boot their system in safe mode and use the command prompt. The antivirus programs tested by heise in the 12/06 issue of c't within the magazine’s test of Internet security suites were able to handle such cross-links when searching directories.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit