Executive Summary
Summary | |
---|---|
Title | Microsoft GDI Windows Metafile AttemptWrite integer overflow |
Informations | |||
---|---|---|---|
Name | VU#640136 | First vendor Publication | 2007-08-14 |
Vendor | VU-CERT | Last vendor Modification | 2007-08-14 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#640136Microsoft GDI Windows Metafile AttemptWrite integer overflowOverviewMicrosoft Windows GDI contains an integer overflow in the handling of Windows metafiles, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionMicrosoft Windows GDI (Graphics Device Interface) enables applications to use graphics and formatted text on both video displays and printers. GDI can be used to handle bitmaps, metafiles, and fonts. Microsoft Windows GDI contains an integer overflow vulnerability in the AttemptWrite() function. This integer overflow leads to a heap overflow.II. ImpactBy convincing a user to view a specially crafted metafile, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user.III. SolutionApply an updateThis vulnerability is addressed by Microsoft Security Bulletin MS07-046. This bulletin provides an updated version of GDI.
References
Thanks to Microsoft for reporting this vulnerability, who in turn credit eEye Digital Security. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/640136 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:2088 | |||
Oval ID: | oval:org.mitre.oval:def:2088 | ||
Title: | Remote Code Execution Vulnerability in GDI | ||
Description: | Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3034 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 2 | |
Os | 1 | |
Os | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36388 | Microsoft Windows Graphics Rendering Engine (GDI) Metafile Image Handling Ove... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows wmf file arbitrary code execution attempt RuleID : 5318 - Revision : 20 - Type : FILE-MULTIMEDIA |
2016-04-05 | Microsoft Windows GDI metafile integer overflow attempt RuleID : 37879 - Revision : 1 - Type : FILE-IMAGE |
2016-04-05 | Microsoft Windows GDI metafile integer overflow attempt RuleID : 37878 - Revision : 1 - Type : FILE-IMAGE |
2016-04-05 | Microsoft Windows GDI metafile integer overflow attempt RuleID : 37877 - Revision : 1 - Type : FILE-IMAGE |
2016-04-05 | Microsoft Windows GDI metafile integer overflow attempt RuleID : 37876 - Revision : 1 - Type : FILE-IMAGE |
2015-06-03 | Microsoft Windows wmf integer overflow attempt RuleID : 34294 - Revision : 2 - Type : FILE-IMAGE |
2015-06-03 | Microsoft Windows wmf integer overflow attempt RuleID : 34293 - Revision : 2 - Type : FILE-IMAGE |
2014-01-10 | Microsoft Windows wmf integer overflow attempt RuleID : 18583 - Revision : 15 - Type : FILE-IMAGE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-08-14 | Name : Arbitrary code can be executed on the remote host by sending a malformed file... File : smb_nt_ms07-046.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-05-08 13:28:06 |
|
2013-05-11 12:26:41 |
|