TITLE:
Microsoft Windows WMF/EMF File Rendering
Arbitrary Code Execution

SECUNIA ADVISORY ID:
SA17498

VERIFY ADVISORY:
http://secunia.com/advisories/17498/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft
Windows, which can be exploited by malicious
people to compromise a vulnerable system.

1) A boundary error exists in the Graphics Rendering
Engine when rendering certain malformed Windows
Metafile (WMF) and Enhanced Metafile (EMF) image
files. This can be exploited to execute arbitrary code
on a user's system via a specially crafted WMF/EMF
file.

2) A boundary error exists in the rendering of certain
malformed Windows Metafile (WMF) image files.
This can be exploited to execute arbitrary code on a
user's system via a specially crafted WMF file.

Vulnerabilities #1 and #2 reportedly affect any program
that renders the affected image types and can be
exploited by e.g. tricking the user into opening a malicious
WMF/EMF file, or into viewing a folder that contains the
image. The vulnerabilities are also reportedly exploitable
by embedding the image in an Office document, by
convincing the user to view an HTML email in Outlook
containing an image attachment, or via a malicious web site.

SOLUTION:
Apply patches.

Microsoft Windows 2000 (requires SP 4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=F361FCCB-B273-47E7-BB15-BC9C27073446

Microsoft Windows XP (requires SP 1 or SP 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=E38372B2-3BF6-4393-B9A4-F34248C8073E

Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=086C6878-916C-4A4F-8CA8-A4C0E304FDA4

Microsoft Windows Server 2003 (with or without SP 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=CEE3DD3B-3C20-47A9-8BBD-1EA2FBB4AF96

Microsoft Windows Server 2003 (Itanium) (with or without SP 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=CCFF22BB-ADC4-4974-813C-7721BDB842C0

Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F1ADB6E4-0A08-496C-B94C-A1B37178914A

ORIGINAL ADVISORY:
MS05-053 (KB896424):
http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx

OTHER REFERENCES:
SA14631:
http://secunia.com/advisories/14631/