Jump to content
TCH-Thomas

Ms Windows Wmf/emf Vulnerability

Recommended Posts

Secunia writes

Microsoft Windows WMF/EMF File Rendering Arbitrary Code Execution

 

Description:

Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

 

1) A boundary error exists in the Graphics Rendering Engine when rendering certain malformed Windows Metafile (WMF) and Enhanced Metafile (EMF) image files. This can be exploited to execute arbitrary code on a user's system via a specially crafted WMF/EMF file.

 

2) A boundary error exists in the rendering of certain malformed Windows Metafile (WMF) image files. This can be exploited to execute arbitrary code on a user's system via a specially crafted WMF file.

 

Vulnerability #1 and #2 reportedly affects any program that renders the affected image types and can be exploited by e.g. tricking the user to open a malicious WMF/EMF file, or to view a folder that contains the image. The vulnerabilities are also reportedly exploitable by embedding the image in an Office document, or by convincing the user to view an HTML email in Outlook containing an image attachment, or via a malicious web site.

 

Solution:

Apply patches.

 

There are different patches for different Windows versions. So click the "Secunia writes" link above and see if you are vulnerable. If so, patch it. :)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...