MS.Paint.Integer.Overflow
Description
Microsoft Paint is a graphics painting program available on all Windows platforms.
Tielei Wang of ICST-ERCIS (Engineering Research Center of Info Security, Institute of Computer Science & Technology, Peking University/China) discovered a vulnerability in Microsoft Paint (MSpaint). MSpaint fails to perform a boundary check when loading a JPEG file. By enticing a user to open a specially crafted JPEG file, an attacker can overflow the process buffer and execute arbitrary code in the context of the user running the process.
This vulnerability is published in the Common Vulnerabilities and Exposures (CVE) list as CVE-2010-0028, also known as the "MS Paint Integer Overflow Vulnerability".
Microsoft has addressed this issue in its security advisory:
http://technet.microsoft.com/en-us/security/bulletin/MS10-005
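The advisory does not describe the faulty computation inside MSpaint. As an added example (not Microsoft's code and not taken from this advisory), the C below illustrates the general class of defect the signature name refers to: an image loader deriving an allocation size from JPEG frame-header fields, with the unchecked 32-bit product beside a checked form. The function names, the constructed header bytes, the 4-bytes-per-pixel figure and the 256 MiB cap are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)   /* hypothetical policy cap */

/* Constructed inputs, not real images: SOI, then one SOF0 segment
   (length 11, precision 8, height, width, one component). */
const uint8_t JPEG_OK[]  = {0xFF,0xD8, 0xFF,0xC0, 0x00,0x0B, 0x08,
                            0x01,0xE0, 0x02,0x80, 0x01, 0x01,0x11,0x00};
const uint8_t JPEG_BIG[] = {0xFF,0xD8, 0xFF,0xC0, 0x00,0x0B, 0x08,
                            0x80,0x00, 0x80,0x01, 0x01, 0x01,0x11,0x00};

/* Walk marker segments to the first SOF0/SOF2 and read its 16-bit fields. */
static int jpeg_dims(const uint8_t *p, size_t n, uint32_t *w, uint32_t *h)
{
    size_t i = 2;                                   /* skip SOI (FF D8) */
    if (n < 4 || p[0] != 0xFF || p[1] != 0xD8) return -1;
    while (n - i >= 4) {
        size_t len = ((size_t)p[i + 2] << 8) | p[i + 3];  /* counts itself */
        if (p[i] != 0xFF || len < 2 || len > n - i - 2) return -1;
        if (p[i + 1] == 0xC0 || p[i + 1] == 0xC2) {
            if (len < 7) return -1;                 /* too short for H and W */
            *h = ((uint32_t)p[i + 5] << 8) | p[i + 6];
            *w = ((uint32_t)p[i + 7] << 8) | p[i + 8];
            return 0;
        }
        i += 2 + len;
    }
    return -1;
}

/* Unchecked form: the 32-bit product wraps silently. */
uint32_t size_unchecked(uint32_t w, uint32_t h, uint32_t bpp) { return w * h * bpp; }

/* Checked form: divide before multiplying so no product can wrap. */
int size_checked(uint32_t w, uint32_t h, uint32_t bpp, uint32_t *out)
{
    if (w == 0 || h == 0 || bpp == 0 || w > UINT32_MAX / h) return -1;
    if (w * h > MAX_IMAGE_BYTES / bpp) return -1;
    *out = w * h * bpp;
    return 0;
}

/* Header bytes in, allocation size out; -1 means refuse to decode. */
int jpeg_alloc_size(const uint8_t *p, size_t n, uint32_t bpp, uint32_t *out)
{
    uint32_t w, h;
    if (jpeg_dims(p, n, &w, &h) != 0) return -1;
    return size_checked(w, h, bpp, out);
}
```

With the constructed 32769 x 32768 header, the unchecked product at 4 bytes per pixel wraps to 131072 bytes, while jpeg_alloc_size refuses the file.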
Affected Products
Microsoft Paint on the following platforms:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Impact
The vulnerable system can be compromised, with a risk of arbitrary code execution.
Recommended Actions
Patches:
Install update patches as instructed at http://www.microsoft.com/technet/security/Bulletin/ms10-005.mspx
Workaround:
Disable Microsoft Paint
For 32-bit Windows, run the following command from a command prompt:
cacls %SystemRoot%\system32\mspaint.exe /E /P everyone:N
For 64-bit Windows, run the following command from a command prompt:
cacls %SystemRoot%\SysWOW64\mspaint.exe /E /P everyone:N
On Windows XP and Windows Server 2003, remove Microsoft Paint
1. In Control Panel, open Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. In the Windows Components Wizard, select Accessories and Utilities, and then click Details.
4. Select Accessories, and then click Details.
5. Click to clear the Paint check box, and then click OK twice.
6. In the Windows Components Wizard, make sure that the Accessories and Utilities check box is grey, and then click Next.
7. When the removal of files is completed, click Finish to exit the wizard.
For FortiGate IPS users, turning on the MS.Paint.Integer.Overflow IPS signature can prevent the exploitation of this vulnerability.
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |