Executive Summary
Informations | |||
---|---|---|---|
Name | MS05-053 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | 2008-12-09 |
Severity (Vendor) | Critical | Revision | 1.2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.2 (December 9, 2008): Bulletin updated to add an entry in the section, Frequently asked questions (FAQ) related to this security update, about a minor revision of the Windows Server 2003 package. Customers who have already successfully applied the previous update need not take any action.Summary: This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS05-053.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1063 | |||
Oval ID: | oval:org.mitre.oval:def:1063 | ||
Title: | WMF Rendering Code Execution Vulnerability (Windows 2000) | ||
Description: | Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2123 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1121 | |||
Oval ID: | oval:org.mitre.oval:def:1121 | ||
Title: | EMF Rendering Denial of Service Vulnerability (32-bit Windows XP,SP2) | ||
Description: | The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0803 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:1152 | |||
Oval ID: | oval:org.mitre.oval:def:1152 | ||
Title: | EMF Rendering Denial of Service Vulnerability (32-bit Windows XP,SP1) | ||
Description: | The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0803 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1175 | |||
Oval ID: | oval:org.mitre.oval:def:1175 | ||
Title: | WMF Rendering Code Execution Vulnerability (32-bit Windows XP,SP2) | ||
Description: | Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2123 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:1215 | |||
Oval ID: | oval:org.mitre.oval:def:1215 | ||
Title: | EMF Rendering Denial of Service Vulnerability (64-bit Windows XP and Server 2003,SP1) | ||
Description: | The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0803 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1240 | |||
Oval ID: | oval:org.mitre.oval:def:1240 | ||
Title: | EMF Rendering Denial of Service Vulnerability (Windows 2000) | ||
Description: | The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0803 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1263 | |||
Oval ID: | oval:org.mitre.oval:def:1263 | ||
Title: | WMF Rendering Code Execution Vulnerability (64-bit Windows XP and Server 2003,Unpatched) | ||
Description: | Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2123 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1546 | |||
Oval ID: | oval:org.mitre.oval:def:1546 | ||
Title: | WMF Rendering Code Execution Vulnerability (32-bit Windows XP,SP1) | ||
Description: | Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2123 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:671 | |||
Oval ID: | oval:org.mitre.oval:def:671 | ||
Title: | EMF Rendering Denial of Service Vulnerability (64-bit Windows XP and Server 2003,Unpatched) | ||
Description: | The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0803 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:701 | |||
Oval ID: | oval:org.mitre.oval:def:701 | ||
Title: | WMF Rendering Code Execution Vulnerability (64-bit Windows XP and Server 2003,SP1) | ||
Description: | Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2123 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 6 | |
Os | 5 | |
Os | 3 |
ExploitDB Exploits
id | Description |
---|---|
2005-11-30 | MS Windows Metafile (mtNoObjects) Denial of Service Exploit (MS05-053) |
2005-11-29 | MS Windows Metafile (gdi32.dll) Denial of Service Exploit (MS05-053) |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
20580 | Microsoft Windows GetEnhMetaFilePaletteEntries() EMF File Rendering DoS Windows contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed EMF file is processed by the GetEnhMetaFilePaletteEntries() function, and will result in loss of availability for the application. |
20579 | Microsoft Windows GDI Metafile SetPalette Entries Overflow A remote overflow exists in Windows. The PlayMetaFileRecord function fails to validate "SetPaletteEntries"-type records resulting in an integer overflow. With a specially crafted Windows MetaFile, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
18820 | Microsoft Windows GDI EMF/WMF Metafile Processing Multiple Overflows Multiple remote overflows exist in Windows. The metafile rendering code in GDI32.DLL fails to validate EMF/WMF file data resulting in integer overflows. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
14862 | Microsoft Windows GDI32.DLL GetEnhMetaFilePaletteEntries() API EMF File DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2017-09-26 | Microsoft Windows Metafile invalid header size integer overflow attempt RuleID : 44132 - Revision : 2 - Type : OS-WINDOWS |
2017-09-26 | Microsoft Windows Metafile invalid header size integer overflow attempt RuleID : 44131 - Revision : 2 - Type : OS-WINDOWS |
2017-09-26 | Microsoft Windows Metafile invalid header size integer overflow attempt RuleID : 44130 - Revision : 2 - Type : OS-WINDOWS |
2017-09-26 | Microsoft Windows Metafile invalid header size integer overflow attempt RuleID : 44129 - Revision : 2 - Type : OS-WINDOWS |
2017-09-26 | Microsoft Windows metafile SetPaletteEntries heap overflow attempt RuleID : 44128 - Revision : 1 - Type : FILE-IMAGE |
2015-06-23 | Microsoft Windows Graphics engine EMF rendering vulnerability RuleID : 34565 - Revision : 1 - Type : OS-WINDOWS |
2016-03-14 | Microsoft emf file download request RuleID : 33740-community - Revision : 2 - Type : FILE-IMAGE |
2015-04-10 | Microsoft emf file download request RuleID : 33740 - Revision : 2 - Type : FILE-IMAGE |
2014-01-10 | Microsoft emf file download request RuleID : 2435-community - Revision : 33 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft emf file download request RuleID : 2435 - Revision : 33 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Windows Graphics engine EMF rendering vulnerability RuleID : 17618 - Revision : 11 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows metafile SetPaletteEntries heap overflow attempt RuleID : 13807 - Revision : 16 - Type : FILE-IMAGE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-11-08 | Name : Arbitrary code can be executed on the remote host by sending a malformed file... File : smb_nt_ms05-053.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-04-10 21:25:51 |
|
2014-02-17 11:45:17 |
|
2014-01-19 21:29:57 |
|