Microsoft Windows Knowledge Base Article 912919 update is not installed
| win-ms06kb912919-update (23978) |  High Risk |
Description:
Microsoft Knowledge Base Article 912919 is not installed, which could allow a remote attacker to exploit the following vulnerability:
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by applications that use gdi32.dll to parse and display Windows Meta File (WMF) files. The vulnerability is in the SETABORTPROC function.The Windows Picture and Fax viewer is the default application to handle files with the .wmf extension. A remote attacker could create a specially-crafted .wmf file containing an image and trick the victim into opening the file or previewing the file with a vulnerable version of the DLL, allowing the attacker to execute arbitrary code on the system with privileges of the victim. If Internet Explorer is used to browse to a Web site containing a malicious .wmf file, the victim¿s system may be automatically infected. Mozilla Firefox systems are also reportedly vulnerable if the victim chooses to download or execute the malicious file. An attacker could also exploit this vulnerability by embedding the WMF file within another file for example, a Word Document.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS06-001. See References.
References:
- F-Secure : News from the Lab Wednesday, December 28, 2005: New WMF 0-day exploit.
- IBM Internet Security Systems X-Force Database: Microsoft Windows .wmf file code execution.
- Internet Security Systems Protection Alert December 28, 2005: Microsoft Picture and Fax Viewer WMF Buffer Overflow.
- Microsoft Security Advisory (912840): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution..
- Microsoft Security Bulletin MS06-001: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919).
- Microsoft.com Web site: Windows Picture and Fax Viewer overview.
- US-CERT Technical Cyber Security Alert TA05-362A: Microsoft Windows Metafile Handling Buffer Overflow.
- US-CERT Vulnerability Note VU#181038: Q-085: Microsoft Windows Metafile File (WMF) Vulnerability.
- CVE-2005-4560: The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Platforms Affected:
- Microsoft Windows 2000 SP4
- Microsoft Windows 2003
- Microsoft Windows 2003 Server x64
- Microsoft Windows 2003 Server SP1 Itanium
- Microsoft Windows 2003 Server SP1
- Microsoft Windows 2003 Server Itanium
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows Me
- Microsoft Windows NT 4.0
- Microsoft Windows XP SP1
- Microsoft Windows XP x64 Professional
- Microsoft Windows XP SP2
Reported:
Jan 10, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net