Windows Metafile rendering buffer overflow

2006-05-04T00:00:00
ID SAINT:4928E1B9F5F361BD203DB9A32DC82928
Type saint
Reporter SAINT Corporation
Modified 2006-05-04T00:00:00

Description

Added: 05/04/2006
CVE: CVE-2004-0209
BID: 11375
OSVDB: 10692

Background

A Windows Metafile image is a 16-bit metafile format that can contain both vector information and bitmap information.

Problem

A buffer overflow in the Windows Graphics Rendering Engine allows command execution when a malformed Windows Metafile is rendered.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 04-032.

References

<http://www.microsoft.com/technet/security/bulletin/ms04-032.asp>

Limitations

Successful exploitation requires a user to load the exploit into Internet Explorer.

Platforms

Windows