TCH-Thomas Posted November 8, 2005 Posted November 8, 2005 Secunia writes Microsoft Windows WMF/EMF File Rendering Arbitrary Code Execution Description: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error exists in the Graphics Rendering Engine when rendering certain malformed Windows Metafile (WMF) and Enhanced Metafile (EMF) image files. This can be exploited to execute arbitrary code on a user's system via a specially crafted WMF/EMF file. 2) A boundary error exists in the rendering of certain malformed Windows Metafile (WMF) image files. This can be exploited to execute arbitrary code on a user's system via a specially crafted WMF file. Vulnerability #1 and #2 reportedly affects any program that renders the affected image types and can be exploited by e.g. tricking the user to open a malicious WMF/EMF file, or to view a folder that contains the image. The vulnerabilities are also reportedly exploitable by embedding the image in an Office document, or by convincing the user to view an HTML email in Outlook containing an image attachment, or via a malicious web site. Solution: Apply patches. There are different patches for different Windows versions. So click the "Secunia writes" link above and see if you are vulnerable. If so, patch it. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.