Microsoft Windows 2000 GDI32.DLL denial of service

win-2000-gdi32dll-dos (19727) The risk level is classified as LowLow Risk

Description:

Microsoft Windows is vulnerable to a denial of service attack, caused by a buffer overflow in the GDI32.DLL GetEnhMetaFilePaletteEntries() API function. By sending specially-crafted EMF files to a victim as an email attachment and tricking the victim into opening the attachment or by hosting it on a Web site and persuading the victim to visit the Web site, a remote attacker can cause a denial of service.

Platforms Affected:

  • Microsoft, Windows 2000 SP4
  • Microsoft, Windows 2003
  • Microsoft, Windows 2003 Server Itanium
  • Microsoft, Windows 2003 Server x64
  • Microsoft, Windows 2003 Server SP1
  • Microsoft, Windows 2003 Server SP1 Itanium
  • Microsoft, Windows XP SP1
  • Microsoft, Windows XP SP2
  • Microsoft, Windows XP Professional x64

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-053. See References.

Consequences:

Denial of Service

References:

  • BugTraq Mailing List, Thu Mar 17 2005 - 04:16:52 CST, Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability at http://archives.neohapsis.com/archives/bugtraq/2005-03/0304.html.
  • Microsoft Security Bulletin MS05-053, Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) at http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx.
  • BID-12834: Microsoft Windows Graphical Device Interface Library Denial Of Service Vulnerability
  • CVE-2005-0803: The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka Enhanced Metafile Vulnerability.
  • OSVDB ID: 20580: Microsoft Windows GetEnhMetaFilePaletteEntries() EMF File Rendering DoS
  • SA14631: Microsoft Windows EMF File Denial of Service Vulnerability
  • SA17223: Nortel Centrex IP Client Manager Multiple Vulnerabilities
  • SA17461: Avaya Products Microsoft Windows WMF/EMF Multiple Vulnerabilities
  • SECTRACK ID: 1015168: Microsoft Windows Buffer Overflows in Graphics Rendering Engine Lets Remote Users Execute Arbitrary Code
  • US-CERT VU#134756: Microsoft Windows buffer overflow in Enhanced Metafile rendering API
  • VUPEN/ADV-2005-2348: Microsoft Windows WMF/EMF File Handling Vulnerabilities (MS05-053)

Reported:

Mar 17, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page