Microsoft Windows Metafile Code Execution

2004-04-13T17:50:33
ID OSVDB:5252
Type osvdb
Reporter Yuji Ukai (alert@eEye.com)
Modified 2004-04-13T17:50:33

Description

Vulnerability Description

A remote overflow exists in Windows. The GDI32.dll PlayMetaFileRecord() API fails to validate Windows metafile-format images, resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

US-CERT Cyber Security Alert: TA04-104A
Security Tracker: 1009756
Security Tracker: 1009768
Secunia Advisory ID: 11064
Related OSVDB ID: 5261
Related OSVDB ID: 5251
Related OSVDB ID: 5254
Related OSVDB ID: 5255
Related OSVDB ID: 5256
Related OSVDB ID: 5260
Related OSVDB ID: 5249
Related OSVDB ID: 5257
Related OSVDB ID: 5248
Related OSVDB ID: 5250
Related OSVDB ID: 5253
Related OSVDB ID: 5258
Related OSVDB ID: 5259
Other Advisory URL: http://www.eeye.com/html/research/advisories/AD20040413F.html
OVAL ID: 897
OVAL ID: 1064
OVAL ID: 959
Nessus Plugin ID: 12209
Microsoft Security Bulletin: MS04-011
ISS X-Force ID: 15818
CVE-2003-0906
CIAC Advisory: o-114
CERT VU: 547028