Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Security - Unpatched Wmf Dos Vulnerability


  • Please log in to reply
No replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:12:11 AM

Posted 07 August 2006 - 02:00 PM

Advisory ID : FrSIRT/ADV-2006-3180
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-08-07

Technical Description: A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to cause a denial of service. This flaw is due to a signedness error in the GDI library (gdi32.dll) when processing malformed WMF images, which could be exploited by attackers to crash an application linked against the vulnerable library (e.g. Internet Explorer) by tricking a user into visiting a malicious web page or opening a specially crafted image.


A new unpatched vulnerability has been published, that can result in a Denial-of-Service (DoS) attack. Links from Secunia and FrSIRT are noted below.

Microsoft Windows GDI Library WMF Image Handling Remote Denial of Service Vulnerability
http://secunia.com/advisories/21377/
http://www.frsirt.com/english/advisories/2006/3180

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users