|
Description
|
This indicates an attempt to exploit a vulnerability in the Microsoft Windows WMF graphics rendering engine. A remote attacker can use the SetProcAbort function in a WMF image file to include code that will execute when the image is viewed. The attacker may be able to execute arbitrary code on the system, with administrator privileges if the image is viewed by an administrator.
|
|
|
|
Impact
|
System compromise, arbitrary code execution.
|
|
|
|
Affected Products
|
Microsoft Windows 2000 SP4
Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and SP1
Microsoft Windows Server 2003 for Itanium-based Systems and SP1
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
|
|
Aliases
|
-TAG.IE.XP.WMF.Code.Execution
IE.XP.WMF.Code.Execution
|
|
References
|
http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
http://www.securityfocus.com/bid/16074
http://www.frsirt.com/english/advisories/2005/3086
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-4560
|
|
Recommended Actions
|
Microsoft Security Bulletin MS06-001 addresses this issue.
http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
|
