TECHNICAL BULLETIN

T-151: Microsoft Windows Desktop Wall Paper System Parameter Local Denial Of Service Vulnerability

June 3, 2009 15:00 GMT


PROBLEM:	Microsoft Windows Desktop Wall Paper System contains a local denial of service vulnerability.
PLATFORM:	Microsoft Windows XP Tablet PC Edition SP3 Microsoft Windows XP Professional x64 Edition SP3 Microsoft Windows XP Professional SP3 Microsoft Windows XP Media Center Edition SP3 Microsoft Windows XP Home SP3
ABSTRACT:	Microsoft Windows is prone to a local denial-of-service vulnerability via the desktop wallpaper system.

LINKS:
DOE-CIRC BULLETIN:	http://www.doecirc.energy.gov/bulletins/t-151.shtml
OTHER LINKS:	Microsoft http://www.microsoft.com/ Ragestorm http://www.ragestorm.net/blogs/?p=78 Security Focus http://www.securityfocus.com/bid/35120/info

IMPACT ASSESSMENT:	This risk is medium. Exploit code is available, causes a system crash.

Discussion:
Microsoft Windows is prone to a local denial-of-service vulnerability.

Attackers may exploit this issue to cause the computer to crash, denying further service to legitimate users. Given the
nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects Windows XP SP3; other versions may also be affected.

Currently we are not aware of any vendor-supplied patches

DOE-CIRC wishes to acknowledge the contributions of Arkon for the information contained in this bulletin.

DOECIRC services are available to DOE, DOE Contractors, and the NIH. DOE-CIRC can be contacted at:

    Voice:          866-941-2472
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov

UCRL-MI-119788