Advisory ID : FrSIRT/ADV-2006-3180
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-08-07
Technical Description: A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to cause a denial of service. This flaw is due to a signedness error in the GDI library (gdi32.dll) when processing malformed WMF images, which could be exploited by attackers to crash an application linked against the vulnerable library (e.g. Internet Explorer) by tricking a user into visiting a malicious web page or opening a specially crafted image.
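The advisory does not say which WMF field is mishandled, so the following added example (not code from the advisory or from gdi32.dll) only illustrates the bug class: a record-size field checked through a signed type, beside an unsigned check used in a small record walker. The record layout, function names and sample bytes are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Illustration only, not gdi32.dll code. Assumed layout (standard WMF, no
   placeable header): 18-byte header, then records that each begin with a
   32-bit size counted in 16-bit words and a 16-bit function number. */
#define WMF_HEADER_BYTES 18u
#define WMF_MIN_RECORD_WORDS 3u            /* size (2 words) + function (1) */

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed pattern: size kept in a signed type, so values >= 0x80000000 turn
   negative and slip under the upper-bound test. */
static int record_fits_signed(const uint8_t *rec, size_t remaining) {
    int32_t words = (int32_t)rd32le(rec);
    return (int64_t)words * 2 <= (int64_t)remaining;
}

/* Hardened pattern: unsigned throughout, with a lower bound as well. */
static int record_fits_unsigned(const uint8_t *rec, size_t remaining) {
    uint32_t words = rd32le(rec);
    return words >= WMF_MIN_RECORD_WORDS && (uint64_t)words * 2u <= remaining;
}

/* Walks the record list; returns the record count, or -1 if malformed. */
static int wmf_count_records(const uint8_t *buf, size_t len) {
    size_t off = WMF_HEADER_BYTES;
    int count = 0;
    if (len < WMF_HEADER_BYTES) return -1;
    while (len - off >= 6 && record_fits_unsigned(buf + off, len - off)) {
        unsigned func = buf[off + 4] | (unsigned)buf[off + 5] << 8;
        off += (size_t)rd32le(buf + off) * 2u;
        count++;
        if (func == 0) return count;       /* META_EOF ends the file */
    }
    return -1;                             /* truncated, bad size, or no EOF */
}

/* Constructed samples: zeroed header plus one record each. */
static const uint8_t wmf_good[24] = { [18] = 0x03 };   /* size 3, EOF */
static const uint8_t wmf_bad[24]  = { [21] = 0x80 };   /* size 0x80000000 */

int main(void) {
    printf("signed check accepts bad record: %d\n", record_fits_signed(wmf_bad + 18, 6));
    printf("good=%d bad=%d\n", wmf_count_records(wmf_good, 24), wmf_count_records(wmf_bad, 24));
    return 0;
}
```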
A new unpatched vulnerability has been published that can result in a denial-of-service (DoS) attack. Links from Secunia and FrSIRT are noted below.
Microsoft Windows GDI Library WMF Image Handling Remote Denial of Service Vulnerability