2 matches found
Microsoft Windows WMF Handling Arbitrary Code Execution (CVE-2005-4560)
There exists a code execution vulnerability in Microsoft Windows. The vulnerability is created by unrestricted access to GDI functions through WMF files. An attacker can exploit this vulnerability to supply and execute arbitrary code through calling a specific GDI function via a crafted WMF file...
Sql injection
Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service possibly persistent restart via a crafted Windows Metafile WMF image that causes an invalid dereference of an offset in a...