Microsoft Patches Code Execution Vulnerability in wimgapi Library

guest · Jun 15, 2018

Microsoft Patches Code Execution Vulnerability in wimgapi Library
Microsoft this week patched a remote code execution vulnerability affecting the wimgapi library, which is used to perform operations on Windows Imaging Format (WIM) files.
June 15, 2018
https://www.securityweek.com/microsoft-patches-code-execution-vulnerability-wimgapi-library

Addressed as part of Microsoft’s June 2018 Patch Tuesday, the issue was discovered by Talos’ Marcin Noga in the LoadIntegrityInfo functions of wimgapi version 10.0.16299.15 (WinBuild.160101.0800). An attacker exploiting the flaw could use a specially crafted WIM image to cause heap corruption and achieve direct code execution.

“For example, it is enough if an application tries to open the WIM file via the WIMCreateFile function and requests a file handle. The function allocates heap memory based on a user-controlled size value, and uses another user-controlled value to read n bytes from the file into this buffer. It is using these values without any prior input checks,” Noga explains.

An attacker exploiting the vulnerability could execute malicious code with the same access rights as the logged-in user. They could also crash the system with a denial-of-service attack, the researcher says. Because WIM files do not have a registered file type handler by default, the issue cannot be triggered if the user double-clicks a WIM file, unless a file-handler was registered first.
Click to expand...

Log in or Sign up

Microsoft Patches Code Execution Vulnerability in wimgapi Library

guest Guest

Log in or Sign up

Microsoft Patches Code Execution Vulnerability in wimgapi Library

guest Guest

Useful Searches