Lucene search

K
cve[email protected]CVE-2005-2123
HistoryNov 29, 2005 - 9:03 p.m.

CVE-2005-2123

2005-11-2921:03:00
NVD-CWE-Other
web.nvd.nist.gov
23
windows
gdi32.dll
integer overflow
code execution
wmf
emf
security
vulnerability
nvd
cve-2005-2123

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.397 Low

EPSS

Percentile

97.2%

Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.

References

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.397 Low

EPSS

Percentile

97.2%

Related for CVE-2005-2123