San Jose, CA (PressExposure) October 21, 2009 -- SkyRecon Systems® (www.skyrecon.com), the premier provider of integrated, proactive endpoint security solutions, today announced that its Research & Development team discovered the Windows GDI+ PNG Heap Overflow Vulnerability (CVE-2009-2501). Microsoft was quick to release a patch yesterday. SkyRecon’s StormShield automatically protects systems against these vulnerabilities.
A remote code execution vulnerability exists in the way that GDI+ allocates memory. The vulnerability could allow remote code execution if a user opens a specially crafted PNG image file. An attacker who successfully exploits this vulnerability could take complete control of an affected system.
“We continue to focus on building leading-edge unified endpoint client security solutions for our customers to help them secure their Windows operating environment, and therefore strive to provide Microsoft with information we uncover to increase the overall security posture of their operating systems and related applications,” said Yann Torrent, R&D Director at SkyRecon Systems Inc.
“During our ongoing security research and development, designed to deliver the most effective and relevant security measures available for the Windows operating environment, we found this vulnerability exposed, which could be used to gain control of the affected system,” said Torrent.
Microsoft rated this security update as “Critical” for all supported editions of Windows XP and Windows Server 2003; Windows Vista and Windows Vista Service Pack 1; Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1; Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, and Windows Server 2008 for Itanium-based Systems; Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4, SQL Server 2000 Reporting Services Service Pack 2, all supported editions of SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package, Microsoft Report Viewer 2008 Redistributable Package, and Microsoft Report Viewer 2008 Redistributable Package Service Pack 1.
Information on Microsoft Security Bulletin MS09-062 can be found at: http://www.microsoft.com/technet/security/Bulletin/MS09-062.mspx (Accredited to Thomas Garnier of SkyRecon Systems.)
To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, visit http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2501