It has been reported that Windows may be prone to a remote buffer overflow vulnerability when rendering WMF/EMF image files. An attacker could create a malicious WMF or EMF file and entice a user to view the file via an application that supports the WMF and EMF formats. Immediate consequences of this attack may result in a denial of service condition, however, it is possible that an attacker could leverage this issue to execute arbitrary code in the context of the vulnerable user. This issue may be similar to the vulnerabilities described in BID 9892 (Microsoft Windows XP explorer.exe Remote Denial of Service Vulnerability) and BID 9707 (Microsoft Windows XP explorer.exe Multiple Memory Corruption Vulnerabilities).
Do not accept or execute files from untrusted or unknown sources.
An attacker can exploit this issue by creating a malicious file and sending the file to a vulnerable user to be viewed via an affected application. Users should not accept files from untrusted or unknown sources.
Do not follow links provided by unknown or untrusted sources.
An attacker may create a malicious file and host on a web site to be viewed by a vulnerable user. The attacker would attempt to entice the user to visit the attacker?s web site. Users should not follow links supplied by unknown or untrusted sources.
Do not accept communications that originate from unknown or untrusted sources.
An attacker could also exploit this issue by sending a malicious file via an HTML e-mail to be viewed in Microsoft Outlook Express 6.0 or Outlook. User should not view HTML e-mail from untrusted or unknown sources.
Avaya has released an advisory to announce that Avaya System Products shipping on Microsoft platforms are also affected by this vulnerability. Avaya advise that customers follow the Microsoft recommendations for the resolution of this issue. The aforementioned advisory can be viewed at the following location: http://support.avaya.com/japple/css/japple?temp.groupID=&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=161384&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate() Microsoft has released a security bulletin MS04-011 with fixes to address this and other issues. Please see the referenced bulletin for more information. US-CERT has released an advisory TA04-104A to address this and other issues. Please see the referenced advisory for more information. June 15, 2004 - Microsoft has updated security bulletin MS04-011 to release a Windows NT 4.0 Workstation update for the Pan Chinese language. The Pan Chinese update should be installed by customers who installed Windows NT 4.0 Workstation for Pan Chinese update or who use the Pan Chinese product.