
ITS Alert
Microsoft Windows Malformed ART Image Remote Code Execution Vulnerability


This advisory relates to an image file format (ART) used by AOL. However, MS operating systems parse this file even without AOL software installed. 

There is a patch for this vulnerability. It is KB918439. The MS advisory can be found at
http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx
 
Systems can be updated by using Internet Explorer and selecting Tools, Windows Update. Several additional updates may be recommended depending on the state of the individual machine.
 
Subject: NYS CSCIC Advisory - Microsoft Windows Malformed ART Image Remote Code Execution Vulnerability - RISK - HIGH
                
               

NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL INFRASTRUCTURE COORDINATION CYBER ADVISORY
                

CSCIC ADVISORY NUMBER: 2006-011

DATE ISSUED: June 13, 2006

SUBJECT: Microsoft Windows Malformed ART Image Remote Code Execution Vulnerability

                 
OVERVIEW: 
A vulnerability has been discovered in Microsoft Windows operating systems that could allow a remote attacker to take complete control of an affected system with limited user interaction. The user's computer can be exploited by visiting a malicious website which contains a specially crafted ART image or by viewing a specially crafted HTML email message that contains the malicious ART image. This also includes previewing the email message using the preview window within Outlook.

Note that ART is an image format that is commonly used by America Online (AOL) software; however, Windows XP and 2003 also recognize ART formats even without AOL software installed.

                

SYSTEMS AFFECTED:

* Microsoft Windows XP Service Pack 1
* Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003
* Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems
* Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition

                

RISK:
Government:
* Large and medium government entities: High
* Small government entities: High

Businesses:
* Large and medium business entities: High
* Small business entities: High

Home users: High

DESCRIPTION:
A vulnerability (CVE-2006-2378) has been identified in the Windows operating system that is prone to remote code execution when processing malformed AOL ART images. The user's computer can be exploited by visiting a malicious website which contains a specially crafted ART image or by viewing a specially crafted HTML email message that contains the malicious ART image. It should be noted that this vulnerability can also be exploited by visiting websites that accept and host user-provided content. In this attack scenario, a malicious user can upload the specially crafted ART image as an advertisement banner and exploit vulnerable machines through this trusted website. In the email attack scenario, the malicious user sends a specially crafted mail message containing the malicious ART image.

After successful exploitation, an attacker could take complete control of a vulnerable system and perform actions such as installing programs; viewing, changing, and deleting data; and creating user accounts.

Microsoft has released patches which address these vulnerabilities as well as other workarounds.

                

RECOMMENDATIONS:

CSCIC recommends the following actions be taken:

* Apply the appropriate patches as soon as possible after appropriate testing. The patch is available at http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx
* Block un-trusted incoming traffic from the Internet at your network perimeter.
* Do not visit unknown or un-trusted websites or follow links provided by unknown or un-trusted sources.
* Do not open email attachments from un-trusted sources.
* Ensure that all anti-virus software is up to date with the latest signatures.
* Set email client software to show emails in plain text.
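
A mail-gateway style check for the email scenario described above, as an added example that is not part of the advisory: it walks every MIME part of a message and flags ART images by file name, declared type, or leading bytes, so an inline image mislabelled as JPEG is still reported. The `.art` extension, the `image/x-jg` type, the `JG` signature bytes and the function names are assumptions, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumptions (not taken from the advisory): identifiers commonly
# associated with AOL ART files.
ART_EXTENSIONS = (".art",)
ART_MIME_TYPES = {"image/x-jg"}
ART_MAGIC = (b"JG\x04\x0e", b"JG\x03\x0e")


def find_art_parts(raw_message: bytes):
    """Return (filename, content_type, reasons) for each part that looks like ART."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        reasons = []
        name = (part.get_filename() or "").lower()
        if name.endswith(ART_EXTENSIONS):
            reasons.append("extension")
        if part.get_content_type() in ART_MIME_TYPES:
            reasons.append("mime-type")
        # Decode base64/quoted-printable so the check sees the real bytes,
        # not the name or type the sender chose to declare.
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(ART_MAGIC):
            reasons.append("magic")
        if reasons:
            hits.append((name, part.get_content_type(), reasons))
    return hits


def build_sample() -> bytes:
    """Constructed sample: HTML mail whose inline image is labelled JPEG."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain text body")
    msg.add_alternative('<html><img src="cid:banner"></html>', subtype="html")
    html_part = msg.get_payload()[1]
    # Harmless placeholder bytes that only carry the assumed signature.
    html_part.add_related(b"JG\x04\x0e" + b"\x00" * 16, maintype="image",
                          subtype="jpeg", cid="<banner>", filename="banner.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in find_art_parts(build_sample()):
        print("quarantine candidate:", hit)
```

Flagged parts can be stripped or quarantined on hosts that have not yet received KB918439.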

                

REFERENCES:
               
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx

Secunia
http://secunia.com/advisories/20605/

SecurityFocus
http://www.securityfocus.com/bid/18394/info

CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2378


                NYS Cyber Security & Critical Infrastructure Coordination
                30 South Pearl Street, Suite P2
                Albany, NY 12207
                (518) 474-0865
                7x24 CSAC 1-866-787-4722
             
 

Information Technology Services
University at Albany, SUNY
1400 Washington Avenue
Albany, NY 12222
ITS Service Centers:  518-442-4000
 