Executive Summary

Summary
Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
Information
Name: KB912840
First vendor Publication: 2005-12-28
Vendor: Microsoft
Last vendor Modification: 2006-01-05
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Cvss Impact Score: 6.4
Cvss Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin.


Original Source

Url : http://www.microsoft.com/technet/security/advisory/912840.mspx

CWE : Common Weakness Enumeration

id: CWE-20
Name: Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1612
 
Oval ID: oval:org.mitre.oval:def:1612
Title: Server 2003 Graphics Rendering Engine Vulnerability
Description: The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Family: windows Class: vulnerability
Reference(s): CVE-2005-4560
Version: 6
Platform(s): Microsoft Windows Server 2003
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:1564
 
Oval ID: oval:org.mitre.oval:def:1564
Title: WinXP,SP1 Graphics Rendering Engine Vulnerability
Description: The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Family: windows Class: vulnerability
Reference(s): CVE-2005-4560
Version: 5
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:1492
 
Oval ID: oval:org.mitre.oval:def:1492
Title: WinXP (64-bit) Graphics Rendering Engine Vulnerability
Description: The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Family: windows Class: vulnerability
Reference(s): CVE-2005-4560
Version: 5
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:1460
 
Oval ID: oval:org.mitre.oval:def:1460
Title: Server 2003,SP1 Graphics Rendering Engine Vulnerability
Description: The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Family: windows Class: vulnerability
Reference(s): CVE-2005-4560
Version: 5
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:1433
 
Oval ID: oval:org.mitre.oval:def:1433
Title: WinXP,SP2 Graphics Rendering Engine Vulnerability
Description: The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Family: windows Class: vulnerability
Reference(s): CVE-2005-4560
Version: 6
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:1431
 
Oval ID: oval:org.mitre.oval:def:1431
Title: Win2K Graphics Rendering Engine Vulnerability
Description: The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Family: windows Class: vulnerability
Reference(s): CVE-2005-4560
Version: 6
Platform(s): Microsoft Windows 2000
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type: Os - Count: 8
Type: Os - Count: 8

SAINT Exploits

Description: Windows WMF handling vulnerability

ExploitDB Exploits

id: 2010-09-20
Description: Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution

Open Source Vulnerability Database (OSVDB)

id: 21987
Description: Microsoft Windows Shimgvw.dll SETABORTPROC Function Crafted WMF Arbitrary Cod...

Snort® IPS/IDS

Date: 2014-01-10
Description: Microsoft Windows picture and fax viewer wmf arbitrary code execution attempt
RuleID : 5319 - Revision : 14 - Type : OS-WINDOWS

Date: 2014-01-10
Description: Microsoft Windows wmf file arbitrary code execution attempt
RuleID : 5318 - Revision : 16 - Type : FILE-MULTIMEDIA

Metasploit Database

id: 2005-12-27
Description: Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution

Nessus® Vulnerability Scanner

Date: 2006-01-05
Name : Arbitrary code can be executed on the remote host by sending a malformed file...
File : smb_nt_ms06-001.nasl - Type : ACT_GATHER_INFO

Alert History

Date: 2013-09-05 21:20:20
Information: Multiple Updates