Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA17498] Microsoft Windows WMF/EMF File Rendering Arbitrary Code Execution



> 
> TITLE:
> Microsoft Windows WMF/EMF File Rendering Arbitrary Code Execution
> 
> SECUNIA ADVISORY ID:
> SA17498
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/17498/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> OPERATING SYSTEM:
> Microsoft Windows 2000 Advanced Server
> http://secunia.com/product/21/
> Microsoft Windows 2000 Datacenter Server
> http://secunia.com/product/1177/
> Microsoft Windows 2000 Professional
> http://secunia.com/product/1/
> Microsoft Windows 2000 Server
> http://secunia.com/product/20/
> Microsoft Windows Server 2003 Datacenter Edition
> http://secunia.com/product/1175/
> Microsoft Windows Server 2003 Enterprise Edition
> http://secunia.com/product/1174/
> Microsoft Windows Server 2003 Standard Edition
> http://secunia.com/product/1173/
> Microsoft Windows Server 2003 Web Edition
> http://secunia.com/product/1176/
> Microsoft Windows XP Home Edition
> http://secunia.com/product/16/
> Microsoft Windows XP Professional
> http://secunia.com/product/22/
> 
> DESCRIPTION:
> Two vulnerabilities have been reported in Microsoft Windows, which
> can be exploited by malicious people to compromise a vulnerable
> system.
> 
> 1) A boundary error exists in the Graphics Rendering Engine when
> rendering certain malformed Windows Metafile (WMF) and Enhanced
> Metafile (EMF) image files. This can be exploited to execute
> arbitrary code on a user's system via a specially crafted WMF/EMF
> file.
> 
> 2) A boundary error exists in the rendering of certain malformed
> Windows Metafile (WMF) image files. This can be exploited to execute
> arbitrary code on a user's system via a specially crafted WMF file.
> 
> Vulnerability #1 and #2 reportedly affects any program that renders
> the affected image types and can be exploited by e.g. tricking the
> user to open a malicious WMF/EMF file, or to view a folder that
> contains the image. The vulnerabilities are also reportedly
> exploitable by embedding the image in an Office document, or by
> convincing the user to view an HTML email in Outlook containing an
> image attachment, or via a malicious web site.
> 
> SOLUTION:
> Apply patches.
> 
> Microsoft Windows 2000 (requires SP 4):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=F361F
> CCB-B273-47E7-BB15-BC9C27073446
> 
> Microsoft Windows XP (requires SP 1 or SP 2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=E3837
> 2B2-3BF6-4393-B9A4-F34248C8073E
> 
> Microsoft Windows XP Professional x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=086C6
> 878-916C-4A4F-8CA8-A4C0E304FDA4
> 
> Microsoft Windows Server 2003 (with or without SP 1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CEE3D
> D3B-3C20-47A9-8BBD-1EA2FBB4AF96
> 
> Microsoft Windows Server 2003 (Itanium) (with or without SP 1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CCFF2
> 2BB-ADC4-4974-813C-7721BDB842C0
> 
> Microsoft Windows Server 2003 x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=F1ADB
> 6E4-0A08-496C-B94C-A1B37178914A
> 
> PROVIDED AND/OR DISCOVERED BY:
> 1) eEye Digital Security.
> 2) Venustech AdDLab, eEye Digital Security, and Peter Ferrie of
> Symantec Security Response.
> 
> ORIGINAL ADVISORY:
> MS05-053 (KB896424):
> http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx
> 
> OTHER REFERENCES:
> SA14631:
> http://secunia.com/advisories/14631/
> 




 




Copyright © Lexa Software, 1996-2009.