Microsoft GDIPlus PNG Infinite Loop Vulnerability Network Vulnerability

Summary

This host is running Windows XP Operating System with GDI libraries installed which is prone to Infinite Loop vulnerability.

Impact

Successful exploitation will let the attacker cause denial of service. Impact Level: System

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

This flaw is caused while processing crafted PNG file containing a large btChunkLen value which causes the control to enter an infinite loop.

Affected

Windows XP Service Pack 3 and prior.

Severity

Classification

CVE CVE-2009-1511
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Apple QuickTime Malformed .mov File Buffer Overflow Vulnerability
ClamAV Denial of Service Vulnerability (Win)
Check for RealServer DoS
Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)
ClamAV Multiple Vulnerabilities (Win)

Take action and discover your vulnerabilities