09 October 2017
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.2530 (0Day) Microsoft Windows WAV File Uninitialized Pointer Denial of Service Vulnerability 9 October 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Windows Publisher: Zero Day Initiative Operating System: Windows Impact/Access: Denial of Service -- Remote with User Interaction Resolution: Mitigation Original Bulletin: http://www.zerodayinitiative.com/advisories/ZDI-17-838 - --------------------------BEGIN INCLUDED TEXT-------------------- (0Day) Microsoft Windows WAV File Uninitialized Pointer Denial of Service Vulnerability ZDI-17-838: October 6th, 2017 CVSS Score 5, (AV:N/AC:L/Au:N/C:N/I:N/A:P) Affected Vendors Microsoft Affected Products Windows Vulnerability Details This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of WAV audio files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition in the context of the Explorer process or other current process. Vendor Response Microsoft states: This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline. 09/01/17 - ZDI disclosed the report to the vendor. 09/01/17 - The vendor acknowledged the report and provided a case manager and a tracking number. 09/15/17 - The vendor responded that "We have finished our investigation into this report and determined this does not meet our bar for servicing a downlevel security patch. This requires user interaction to trigger and is not a persistent DOS. Our analysis has determined it does not bugcheck. A blackscreen will show and explorer.exe will restart. Can you confirm your disclosure timeline?" 09/15/17 - ZDI advised the vendor that this report will 0-day on 10/06/17. - -- Mitigation: Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files. Disclosure Timeline 2017-09-01 - Vulnerability reported to vendor 2017-10-06 - Coordinated public release of advisory Credit This vulnerability was discovered by: Andre Fassbender - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to firstname.lastname@example.org and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: email@example.com Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWdrFRox+lLeg9Ub1AQi/pQ//Udvxt9TqH20H+K4RYDR+h5jiqYt8Csw9 9jfKIkILLw2K0lTi4e9//5uiuxOfnWXEmLKcHyJ4SiAYeVmo6QMJIcJQOlyyeEsm 06m0RNmxGPl+9mlqJ2RBpyMJK1TkNd/b2Js7ab4IqCUxe2qbwRXUtSbHJ7tE39IW 60ZRvfPo4wUvR5+l5vPaybSGkbxPIGEP/ZVK3gARw1rgNWcQxeLQcHDFLE0EPH5O z/KuUFKgRsxNBUKCzuIwCKu9AqtiUkPbZWH4vU3n5vbKXQtHMLhGyN3amxHIfHJI rOX6v4OVm3SI7Z65tkQy6z6pA4nqdYwyGDEHRnrsTKAwrC50gYCOSe6bFvIRDhhX RaLSuW73FWZFljUoqB6gFV0yyynYJ9mdpYKE4t4s2TeMmtOD1ULJDFC5z+5EZ9P+ /HTTwfYNPbikr/L3L4FnXorlrHJlKPJQn7WPUcQQUoElR8s64GFrBPEAMPEUEQbO 01VGQ0hiu80FqahJgfjWKuQ/TGc9iD57agcJF3tEoCsR+w3twQR+vGv6KiWoPGlw koiaOF/ipHSpLTNjeSxCRE1UMiVLAvwG2K4xVbGEckYHRlnZnXB6kcOwwdAUjrYW kWHUiiczUaD2kyz+zRhEoYmvzrtJfYmjOzSFI139sGrmL21mjID2iV2OpHvvwnTW x2cxFsi4cKs= =iXY7 -----END PGP SIGNATURE-----