Microsoft Windows GDI WMF Handling Heap Overflow Vulnerability

Description The Microsoft Windows GDI Graphics Rendering Engine is prone to a heap-overflow vulnerability. This issue is exposed when the component loads a specially crafted WMF Windows Metafile image. If this issue is exploited, a malicious WMF or EMF file could potentially corrupt heap-based...

Windows Metafile rendering buffer overflow

Added: 05/04/2006 CVE: CVE-2004-0209 BID: 11375 OSVDB: 10692 Background A Windows Metafile image is a 16-bit metafile format that can contain both vector information and bitmap information. Problem A buffer overflow in the Windows Graphics Rendering Engine allows command execution when a malforme...

Windows Metafile rendering buffer overflow

Added: 05/04/2006 CVE: CVE-2004-0209 BID: 11375 OSVDB: 10692 Background A Windows Metafile image is a 16-bit metafile format that can contain both vector information and bitmap information. Problem A buffer overflow in the Windows Graphics Rendering Engine allows command execution when a malforme...

Windows Metafile rendering buffer overflow

Added: 05/04/2006 CVE: CVE-2004-0209 BID: 11375 OSVDB: 10692 Background A Windows Metafile image is a 16-bit metafile format that can contain both vector information and bitmap information. Problem A buffer overflow in the Windows Graphics Rendering Engine allows command execution when a malforme...

CVE-2006-1045

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...

mozThunDoS.txt

Mozilla Thunderbird : Remote Code Execution & Denial of Service //----- Advisory Program : Mozilla Thunderbird Homepage : http://www.mozilla.com/thunderbird/ Tested version : Denial of service application crash : iframe src="javascript:parent.document.write'Found by www.s...

Design/Logic Flaw

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

[UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities

Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities //this bug report is update for Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities by cocoruder 2006.01.07 by cocoruder page:http://ruder.cdut.net email:frankruderathotmail.com Last...

Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities

Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities by cocoruder page:http://ruder.cdut.net email:frankruderathotmail.com Last Update:2006.01.07 class:design error Remote:yes local:yes Product Affected: Microsoft Windows XP SP2 Microsoft Windows XP SP1 Microsoft Windows Serve...

Code injection

Microsoft Windows Graphics Rendering Engine GRE allows remote attackers to corrupt memory and cause a denial of service crash via a WMF file containing 1 ExtCreateRegion or 2 ExtEscape function calls with arguments with inconsistent lengths...

CVE-2006-0143

Microsoft Windows Graphics Rendering Engine GRE allows remote attackers to corrupt memory and cause a denial of service crash via a WMF file containing 1 ExtCreateRegion or 2 ExtEscape function calls with arguments with inconsistent lengths...

CVE-2006-0143

The Connected advisory CPAI-2006-171 documents a denial-of-service flaw in Microsoft Windows’ Graphics Rendering Engine (GRE) when parsing certain WMF files. Specifically, a crafted WMF with ExtCreateRegion or ExtEscape calls can trigger a memory read/parse error in GRE, causing the host applicat...

CVE-2006-0143

Microsoft Windows Graphics Rendering Engine GRE allows remote attackers to corrupt memory and cause a denial of service crash via a WMF file containing 1 ExtCreateRegion or 2 ExtEscape function calls with arguments with inconsistent lengths...

Microsoft Windows - Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities

source: https://www.securityfocus.com/bid/16167/info Microsoft Windows WMF graphics-rendering engine is affected by multiple memory-corruption vulnerabilities. These issues affect the 'ExtCreateRegion' and 'ExtEscape' functions. These problems present themselves when a user views a malicious...

MS06-001: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (912919)

The remote host contains a version of Microsoft Windows that is missing a critical security update that fixes several vulnerabilities in the Graphic Rendering Engine, and in the way Windows handles Metafiles. An attacker could exploit these flaws to execute arbitrary code on the remote host. To...

Microsoft Windows Graphics Rendering Engine WMF SetAbortProc Code Execution Vulnerability

Description Microsoft Windows WMF graphics rendering engine is affected by a remote code-execution vulnerability. This issue affects the 'SetAbortProc' function. The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to...

PT-2005-5230 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A remote code execution issue exists in the Graphics Rendering Engine due to its handling of Windows Metafile WMF images. An attacker could exploit this by creating a specially crafted WMF...

CVE-2005-2124

The CVE-2005-2124 entry concerns a vulnerability in the Windows Graphics Rendering Engine (GDI32.DLL) affecting Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1. The flaw stems from an unchecked buffer in WMF handling, enabling remote code execution via a crafted Windows Metafile image. Exploita...

Microsoft Security Bulletin MS05-053 Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)

Microsoft Security Bulletin MS05-053 Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution 896424 Published: November 8, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity...

Microsoft Windows Graphics Rendering Engine WMF Format Code Execution Vulnerability

Description Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability. The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file. A malicious file can cause an...