Microsoft Windows Graphics Rendering Engine PolyPolygon Function Overflow

2006-06-13T14:34:08
ID OSVDB:26431
Type osvdb
Reporter Peter Ferrie(peter_ferrie@symantec.com)
Modified 2006-06-13T14:34:08

Description

Vulnerability Description

A remote overflow exists in Windows. The Graphics Rendering Engine fails to validate Windows Metafile images resulting in a heap overflow in the PolyPolygon function. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Windows. The Graphics Rendering Engine fails to validate Windows Metafile images resulting in a heap overflow in the PolyPolygon function. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Secunia Advisory ID:20631 Microsoft Security Bulletin: MS06-026 Microsoft Knowledge Base Article: 918547 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0252.html Keyword: SYMSA-2006-004 FrSIRT Advisory: ADV-2006-2324 CVE-2006-2376 Bugtraq ID: 18322