Executive Summary

Summary
Title	Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.

Informations
Name	KB912840	First vendor Publication	2005-12-28
Vendor	Microsoft	Last vendor Modification	2006-01-05
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin.

Original Source

Url : http://www.microsoft.com/technet/security/advisory/912840.mspx

CWE : Common Weakness Enumeration

id	Name
CWE-20	Improper Input Validation

OVAL Definitions

 

Definition Id: oval:org.mitre.oval:def:1612
Oval ID:	oval:org.mitre.oval:def:1612
Title:	Server 2003 Graphics Rendering Engine Vulnerability
Description:	The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-4560	Version:	6
Platform(s):	Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Windows Server 2003 is installed AND NOT Win2K/XP/2003 is patched AND the version of Gdi32.dll is less than 5.2.3790.462

 

Definition Id: oval:org.mitre.oval:def:1564
Oval ID:	oval:org.mitre.oval:def:1564
Title:	WinXP,SP1 Graphics Rendering Engine Vulnerability
Description:	The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-4560	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND NOT a version of Windows for the ia64 architecture is installed AND the version of Gdi32.dll is less than 5.1.2600.1789

 

Definition Id: oval:org.mitre.oval:def:1492
Oval ID:	oval:org.mitre.oval:def:1492
Title:	WinXP (64-bit) Graphics Rendering Engine Vulnerability
Description:	The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-4560	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND a version of Windows for the ia64 architecture is installed AND the version of Gdi32.dll is less than 5.2.3790.2606

 

Definition Id: oval:org.mitre.oval:def:1460
Oval ID:	oval:org.mitre.oval:def:1460
Title:	Server 2003,SP1 Graphics Rendering Engine Vulnerability
Description:	The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-4560	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows Server 2003 is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND the version of Gdi32.dll is less than 5.2.3790.2606

 

Definition Id: oval:org.mitre.oval:def:1433
Oval ID:	oval:org.mitre.oval:def:1433
Title:	WinXP,SP2 Graphics Rendering Engine Vulnerability
Description:	The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-4560	Version:	6
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP is installed AND Win2K/XP/2003/Vista/2008 service pack 2 is installed AND the version of Gdi32.dll is less than 5.1.2600.2818

 

Definition Id: oval:org.mitre.oval:def:1431
Oval ID:	oval:org.mitre.oval:def:1431
Title:	Win2K Graphics Rendering Engine Vulnerability
Description:	The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-4560	Version:	6
Platform(s):	Microsoft Windows 2000	Product(s):
Definition Synopsis:
Windows 2000 Service Pack 4 (or later) is installed Windows 2000 is installed AND Win2K/XP/2003 service pack 4 (or later) is installed AND the version of Gdi32.dll is less than 5.0.2195.7073

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows 2003 Server cpe:/o:microsoft:windows_2003_server:web:sp1 cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_2003_server:standard:sp1 cpe:/o:microsoft:windows_2003_server:r2:sp1 cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/o:microsoft:windows_2003_server:enterprise:sp1	8
Os	Microsoft Windows Xp cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_xp::sp2:media_center cpe:/o:microsoft:windows_xp::sp2:home cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_xp:::media_center cpe:/o:microsoft:windows_xp::sp1:media_center	8

SAINT Exploits

Description	Link
Windows WMF handling vulnerability	More info here

ExploitDB Exploits

id	Description
2010-09-20	Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution

Open Source Vulnerability Database (OSVDB)

id	Description
21987	Microsoft Windows Shimgvw.dll SETABORTPROC Function Crafted WMF Arbitrary Cod...

Metasploit Database

id	Description
2005-12-27	Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution

Alert History

Date	Informations
2013-05-01 17:22:44	Multiple Updates
2013-05-01 13:28:11	Multiple Updates
2013-05-01 09:22:52	Multiple Updates
2013-05-01 05:38:36	Multiple Updates