Microsoft Windows contains buffer overflow in processing of WMF and EMF image files

2004-10-13T00:00:00
ID VU:806278
Type cert
Reporter CERT
Modified 2004-10-13T17:01:00

Description

Overview

A vulnerability in the way the Microsoft Windows Graphics Rendering Engine processes certain types of image files could allow an attacker to execute arbitrary code on a vulnerable system.

Description

The Microsoft Windows Graphics Rendering Engine supports a number of image formats including Windows Metafile (WMF) and Enhanced Metafile (EMF). There is a vulnerability in the way a buffer is validated by the Graphics Rendering Engine when processing these image formats. Exploitation of this vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Microsoft reports that this vulnerability is different than the GDI+ vulnerability described in MS04-028 and that the vulnerable component is not redistributed with other applications. The affected component in the GDI+ vulnerability could be redistributed by other applications.


Impact

A remote attacker may be able to cause a denial of service or potentially execute arbitrary code on a vulnerable system by introducing a specially crafted WMF or EMF file. This malicious WMF or EMF image may be introduced to the system via a malicious web page, HTML email, or an email attachment.


Solution

Apply Patch
Microsoft has provided a patch to address this vulnerability. For a list of affected versions and details on obtaining the patch, please refer to Microsoft Security Bulletin MS04-032.


Vendor Information

806278

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: October 13, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please refer to Microsoft Security Bulletin MS04-032.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |

References

  • <http://www.microsoft.com/technet/security/bulletin/MS04-032.mspx>
  • <http://support.microsoft.com/default.aspx?scid=kb;en-us;320314>
  • <http://securitytracker.com/alerts/2004/Oct/1011645.html>
  • <http://secunia.com/advisories/12804/>

Acknowledgements

This vulnerability was reported by Microsoft. Microsoft credits Patrick Porlan and Mark Russinovich of Winternals Software for discovering this vulnerability.

This document was written by Damon Morda and based on information provided by Microsoft.

Other Information

CVE IDs: | CVE-2004-0209
---|---
Severity Metric: | 25.31
Date Public: | 2004-10-12
Date First Published: | 2004-10-13
Date Last Updated: | 2004-10-13 17:01 UTC
Document Revision: | 11