Executive Summary

Informations
Name MS05-053 First vendor Publication N/A
Vendor Microsoft Last vendor Modification 2008-12-09
Severity (Vendor) Critical Revision 1.2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.6 Attack Range Network
Cvss Impact Score 10 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.2 (December 9, 2008): Bulletin updated to add an entry in the section, Frequently asked questions (FAQ) related to this security update, about a minor revision of the Windows Server 2003 package. Customers who have already successfully applied the previous update need not take any action.Summary: This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS05-053.mspx

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1063
 
Oval ID: oval:org.mitre.oval:def:1063
Title: WMF Rendering Code Execution Vulnerability (Windows 2000)
Description: Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2123
 Version: 6
Platform(s): Microsoft Windows 2000
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1121
 
Oval ID: oval:org.mitre.oval:def:1121
Title: EMF Rendering Denial of Service Vulnerability (32-bit Windows XP,SP2)
Description: The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2005-0803
 Version: 6
Platform(s): Microsoft Windows XP
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1152
 
Oval ID: oval:org.mitre.oval:def:1152
Title: EMF Rendering Denial of Service Vulnerability (32-bit Windows XP,SP1)
Description: The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2005-0803
 Version: 5
Platform(s): Microsoft Windows XP
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1175
 
Oval ID: oval:org.mitre.oval:def:1175
Title: WMF Rendering Code Execution Vulnerability (32-bit Windows XP,SP2)
Description: Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2123
 Version: 6
Platform(s): Microsoft Windows XP
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1215
 
Oval ID: oval:org.mitre.oval:def:1215
Title: EMF Rendering Denial of Service Vulnerability (64-bit Windows XP and Server 2003,SP1)
Description: The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2005-0803
 Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1240
 
Oval ID: oval:org.mitre.oval:def:1240
Title: EMF Rendering Denial of Service Vulnerability (Windows 2000)
Description: The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2005-0803
 Version: 7
Platform(s): Microsoft Windows 2000
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1263
 
Oval ID: oval:org.mitre.oval:def:1263
Title: WMF Rendering Code Execution Vulnerability (64-bit Windows XP and Server 2003,Unpatched)
Description: Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2123
 Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1546
 
Oval ID: oval:org.mitre.oval:def:1546
Title: WMF Rendering Code Execution Vulnerability (32-bit Windows XP,SP1)
Description: Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2123
 Version: 6
Platform(s): Microsoft Windows XP
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:671
 
Oval ID: oval:org.mitre.oval:def:671
Title: EMF Rendering Denial of Service Vulnerability (64-bit Windows XP and Server 2003,Unpatched)
Description: The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2005-0803
 Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:701
 
Oval ID: oval:org.mitre.oval:def:701
Title: WMF Rendering Code Execution Vulnerability (64-bit Windows XP and Server 2003,SP1)
Description: Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
Family: windows Class: vulnerability
Reference(s): CVE-2005-2123
 Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 6
Os 5
Os 3

ExploitDB Exploits

id Description
2005-11-30 MS Windows Metafile (mtNoObjects) Denial of Service Exploit (MS05-053)
2005-11-29 MS Windows Metafile (gdi32.dll) Denial of Service Exploit (MS05-053)

Open Source Vulnerability Database (OSVDB)

Id Description
20580 Microsoft Windows GetEnhMetaFilePaletteEntries() EMF File Rendering DoS

Windows contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed EMF file is processed by the GetEnhMetaFilePaletteEntries() function, and will result in loss of availability for the application.
20579 Microsoft Windows GDI Metafile SetPalette Entries Overflow

A remote overflow exists in Windows. The PlayMetaFileRecord function fails to validate "SetPaletteEntries"-type records resulting in an integer overflow. With a specially crafted Windows MetaFile, an attacker can cause arbitrary code execution resulting in a loss of integrity.
18820 Microsoft Windows GDI EMF/WMF Metafile Processing Multiple Overflows

Multiple remote overflows exist in Windows. The metafile rendering code in GDI32.DLL fails to validate EMF/WMF file data resulting in integer overflows. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.
14862 Microsoft Windows GDI32.DLL GetEnhMetaFilePaletteEntries() API EMF File DoS

Snort® IPS/IDS

Date Description
2017-09-26 Microsoft Windows Metafile invalid header size integer overflow attempt
RuleID : 44132 - Revision : 2 - Type : OS-WINDOWS
2017-09-26 Microsoft Windows Metafile invalid header size integer overflow attempt
RuleID : 44131 - Revision : 2 - Type : OS-WINDOWS
2017-09-26 Microsoft Windows Metafile invalid header size integer overflow attempt
RuleID : 44130 - Revision : 2 - Type : OS-WINDOWS
2017-09-26 Microsoft Windows Metafile invalid header size integer overflow attempt
RuleID : 44129 - Revision : 2 - Type : OS-WINDOWS
2017-09-26 Microsoft Windows metafile SetPaletteEntries heap overflow attempt
RuleID : 44128 - Revision : 1 - Type : FILE-IMAGE
2015-06-23 Microsoft Windows Graphics engine EMF rendering vulnerability
RuleID : 34565 - Revision : 1 - Type : OS-WINDOWS
2016-03-14 Microsoft emf file download request
RuleID : 33740-community - Revision : 2 - Type : FILE-IMAGE
2015-04-10 Microsoft emf file download request
RuleID : 33740 - Revision : 2 - Type : FILE-IMAGE
2014-01-10 Microsoft emf file download request
RuleID : 2435-community - Revision : 33 - Type : FILE-IDENTIFY
2014-01-10 Microsoft emf file download request
RuleID : 2435 - Revision : 33 - Type : FILE-IDENTIFY
2014-01-10 Microsoft Windows Graphics engine EMF rendering vulnerability
RuleID : 17618 - Revision : 11 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows metafile SetPaletteEntries heap overflow attempt
RuleID : 13807 - Revision : 16 - Type : FILE-IMAGE

Nessus® Vulnerability Scanner

Date Description
2005-11-08 Name : Arbitrary code can be executed on the remote host by sending a malformed file...
File : smb_nt_ms05-053.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2015-04-10 21:25:51
  • Multiple Updates
2014-02-17 11:45:17
  • Multiple Updates
2014-01-19 21:29:57
  • Multiple Updates