fparkerropes
Programmer
I have a Crystal Report(Crystal 11) which displays employee photos & some info about the employee. When I am in preview mode & paging forward, I will reach a certain employee & get the Integer Division By Zero Exception. It is important to note that there is no math involved. If i remove the picture, everything is fine. Has anyone run into this, and if so how did they get around it?
We did find the Security Tracker below which seems to relate to the problem.
Microsoft GDI+ ICO File Divide By Zero Bug Lets Remote Users Deny Service
SecurityTracker Alert ID: 1018202
SecurityTracker URL: CVE Reference: CVE-2007-2237 (Links to External Site)
Date: Jun 7 2007
Impact: Denial of service via network
Exploit Included: Yes Vendor Confirmed: Yes
Version(s): XP, XP SP1, XP SP2
Description: A vulnerability was reported in Microsoft GDI+. A remote user can cause denial of service conditions.
A remote user can create a specially crafted '.ico' file that, when processed by the target user, will trigger a divide by zero error and cause the target application to crash.
An ICO file with a specially crafted InfoHeader Height value viewed or previewed via Windows Explorer or Windows Picture and Fax Viewer can trigger a crash.
Version 5.1.3102.2180 of 'GdiPlus.dll' is affected.
Windows Vista is not affected.
The vendor was notified on May 3, 2007.
The original advisory is available at:
Peter Kruse of CSIS Security Group reported this vulnerability. CSIS Security Group discovered this vulnerability.
Impact: A remote user can create a file that, when processed by the target user, will cause the target application to crash.
Solution: No solution was available at the time of this entry.
Microsoft plans to issue a fix in the next service pack.
Vendor URL: (Links to External Site)
Cause: State error
Underlying OS: Windows (XP)
Reported By: "Peter Kruse" <pkr@csis.dk>
We did find the Security Tracker below which seems to relate to the problem.
Microsoft GDI+ ICO File Divide By Zero Bug Lets Remote Users Deny Service
SecurityTracker Alert ID: 1018202
SecurityTracker URL: CVE Reference: CVE-2007-2237 (Links to External Site)
Date: Jun 7 2007
Impact: Denial of service via network
Exploit Included: Yes Vendor Confirmed: Yes
Version(s): XP, XP SP1, XP SP2
Description: A vulnerability was reported in Microsoft GDI+. A remote user can cause denial of service conditions.
A remote user can create a specially crafted '.ico' file that, when processed by the target user, will trigger a divide by zero error and cause the target application to crash.
An ICO file with a specially crafted InfoHeader Height value viewed or previewed via Windows Explorer or Windows Picture and Fax Viewer can trigger a crash.
Version 5.1.3102.2180 of 'GdiPlus.dll' is affected.
Windows Vista is not affected.
The vendor was notified on May 3, 2007.
The original advisory is available at:
Peter Kruse of CSIS Security Group reported this vulnerability. CSIS Security Group discovered this vulnerability.
Impact: A remote user can create a file that, when processed by the target user, will cause the target application to crash.
Solution: No solution was available at the time of this entry.
Microsoft plans to issue a fix in the next service pack.
Vendor URL: (Links to External Site)
Cause: State error
Underlying OS: Windows (XP)
Reported By: "Peter Kruse" <pkr@csis.dk>