Vulnerability in GDI+ Could Allow Remote Code Execution (MS13-054)

ITS Advisory Number: 
2013-065
Date(s) Issued: 
Tuesday, July 9, 2013
Subject: 
Vulnerability in GDI+ Could Allow Remote Code Execution (MS13-054)
Overview: 

A vulnerability has been discovered in the Microsoft Graphics Device Interface (GDI+).  Microsoft GDI+ enables various applications to display images. Microsoft GDI+ is installed by default on all Microsoft Windows operating systems. The vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files.

Successful exploitation of these vulnerabilities could result in an attacker taking complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Systems Affected: 
  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2012
  • Windows RT
  • Microsoft Office 2003
  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Visual Studio .NET 2003
  • Microsoft Lync 2010
  • Microsoft Lync 2010 Attendee
  • Microsoft Lync 2013
  • Microsoft Lync Basic 2013
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 


Microsoft GDI+ is vulnerable to remote code execution because of the way it handles specially crafted TrueType font files. The vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files. Successful exploitation of these vulnerabilities could result in an attacker taking complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Actions: 
  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Remind users not to open email attachments from unknown users or suspicious emails from trusted sources.
References: 
Microsoft:
http://technet.microsoft.com/en-us/security/bulletin/MS13-054
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-3129