Overview
Microsoft applications fail to properly handle Windows Metafile (WMF) images potentially allowing a remote attacker to execute arbitrary code on a vulnerable system.
Description
The Microsoft Windows Graphics Rendering Engine supports a number of image formats including WMF images. Windows WMF processing routines do not properly handle WMF images. This may allow a remote attacker to manipulate memory management routines resulting in a buffer overflow. Note that WMF processing is used in many Windows programs including Internet Explorer and Outlook. For more information, including a list of affected versions of Internet Explorer, please see Microsoft Security Advisory 913333 and Microsoft Security Bulletin MS06-004. |
Impact
By persuading a user to open a specially crafted WMF image file, an attacker may be able to execute arbitrary code with the privileges of the user. |
Solution
This issue is corrected in Internet Explorer 6 Service Pack 1. In addition, Microsoft Security Bulletin MS06-004 contains a cumulative update to correct this vulnerability. |
Do not accept WMF files from untrusted sources
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://linuxbox.org/pipermail/funsec/2006-January/002828.html
- http://www.microsoft.com/technet/security/advisory/913333.mspx
- http://secunia.com/advisories/18729/
- http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.mspx
- http://www.microsoft.com/technet/security/Bulletin/MS06-004.mspx
Acknowledgements
This issue was reported in Microsoft Security Advisory 913333.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2006-0020 |
| Severity Metric: | 19.31 |
| Date Public: | 2006-01-09 |
| Date First Published: | 2006-02-09 |
| Date Last Updated: | 2006-02-14 19:52 UTC |
| Document Revision: | 31 |