7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.03 Low
EPSS
Percentile
90.9%
Wine is a free implementation of Windows APIs for Unix-like systems.
H D Moore discovered that Wine implements the insecure-by-design SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.
An attacker could entice a user to open a specially crafted Windows Metafile (WMF) file from within a Wine executed Windows application, possibly resulting in the execution of arbitrary code with the rights of the user running Wine.
There is no known workaround at this time.
All Wine users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/wine-0.9.0"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | app-emulation/wine | < 20060000 | UNKNOWN |