Windows WMF handling vulnerability

2005-12-30T00:00:00
ID SAINT:EDD52BAC9AAC6ACF062E1379933787EE
Type saint
Reporter SAINT Corporation
Modified 2005-12-30T00:00:00

Description

Added: 12/30/2005
CVE: CVE-2005-4560
BID: 16074
OSVDB: 21987

Background

A Windows Metafile (WMF) image is a 16-bit metafile format that can contain both vector information and bitmap information.

Problem

A flaw in the way specially crafted WMF images are handled can allow arbitrary command execution when the image is rendered.

Resolution

Apply one of the workarounds referenced in Microsoft Advisory 912840.

References

<http://www.microsoft.com/technet/security/advisory/912840.mspx>

Limitations

Exploit works on Internet Explorer 6.0.

Platforms

Windows