Microsoft Windows GetEnhMetaFilePaletteEntries() EMF File Rendering DoS

2005-11-08T15:21:08
ID OSVDB:20580
Type osvdb
Reporter Felix Zhou(felix_zhou@hotmail.com)
Modified 2005-11-08T15:21:08

Description

Vulnerability Description

Windows contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed EMF file is processed by the GetEnhMetaFilePaletteEntries() function, and will result in loss of availability for the application.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Windows contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed EMF file is processed by the GetEnhMetaFilePaletteEntries() function, and will result in loss of availability for the application.

References:

Vendor Specific Advisory URL Secunia Advisory ID:17461 Secunia Advisory ID:14631 Microsoft Security Bulletin: MS05-053 Microsoft Knowledge Base Article: 896424 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=111108743527497&w=2 Generic Informational URL: http://news.com.com/Image-handling+flaws+put+Windows+PCs+at+risk/2100-1002_3-5940047.html CVE-2005-0803 Bugtraq ID: 12834