TUCoPS :: Windows :: b06-2991.htm

Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution



-----BEGIN PGP SIGNED MESSAGE-----=0D
Hash: SHA1=0D
=0D
                     Symantec Vulnerability Research=0D
http://www.symantec.com/research=0D 
                           Security Advisory=0D
=0D
Advisory ID   : SYMSA-2006-004=0D
Advisory Title: Vulnerability in Graphics Rendering Engine Could=0D
                Allow Remote Code Execution=0D
Author : Peter Ferrie / peter_ferrie@symantec.com=0D 
Release Date  : 06-13-2006=0D
Application   : Those which utilize the vulnerable function on=0D
                affected platforms=0D
Platform      : Windows 98, Windows 98 Second Edition, Windows=0D
                Millennium Edition=0D
Severity      : Remotely exploitable arbitrary code execution=0D
Vendor status : Vendor verified, patch available (See MS06-026=0D
                and KB918547)=0D
CVE Number    : CVE-2006-2376=0D
Reference : http://www.securityfocus.com/bid/18322=0D 
=0D
=0D
Overview:=0D
=0D
        A remote code execution vulnerability exists in the=0D
        Graphics Rendering Engine because of the way that it=0D
        handles Windows Metafile (WMF) images.=0D
=0D
        An attacker could exploit this by placing a specially=0D
        crafted WMF or EMF image on a webpage, or by sending=0D
        the image as an attachment in an e-mail.  The exploit=0D
        is triggered by viewing the specially crafted image=0D
        file.  No user interaction is required.=0D
=0D
        An attacker who successfully exploited this vulnerability=0D
        could take complete control of the affected system.=0D
=0D
=0D
Details:=0D
=0D
        A heap overflow vulnerability exists in the WMF=0D
        PolyPolygon function, because of an unchecked user-=0D
        supplied parameter.=0D
=0D
        
=0D =0D The manner of the heap corruption is under user control,=0D which can result in the execution of arbitrary code.=0D =0D =0D Vendor Response:=0D =0D The above vulnerability was addressed for the affected=0D platforms via Microsoft Security Bulletin MS06-026. If=0D there are any further questions about this statement,=0D please contact secure@microsoft.com.=0D =0D =0D Recommendation:=0D =0D Follow your organization's testing procedures before=0D applying patches or workarounds. Customers should apply=0D Microsoft's update as soon as possible.=0D =0D =0D Common Vulnerabilities and Exposures (CVE) Information:=0D =0D The Common Vulnerabilities and Exposures (CVE) project has assigned=0D the following names to these issues. These are candidates for=0D inclusion in the CVE list (http://cve.mitre.org), which standardizes=0D names for security problems.=0D =0D =0D CVE-2006-2376=0D =0D - -------Symantec Vulnerability Research Advisory Information-------=0D =0D For questions about this advisory, or to report an error:=0D research@symantec.com=0D =0D For details on Symantec's Vulnerability Reporting Policy:=0D http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf=0D =0D Symantec Vulnerability Research Advisory Archive:=0D http://www.symantec.com/research/=0D =0D Symantec Vulnerability Research GPG Key:=0D http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc=0D =0D - -------------Symantec Product Advisory Information-------------=0D =0D To Report a Security Vulnerability in a Symantec Product:=0D secure@symantec.com=0D =0D For general information on Symantec's Product Vulnerability=0D reporting and response:=0D http://www.symantec.com/security/=0D =0D Symantec Product Advisory Archive:=0D http://www.symantec.com/avcenter/security/SymantecAdvisories.html=0D =0D Symantec Product Advisory PGP Key:=0D http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc=0D =0D - ---------------------------------------------------------------=0D =0D Copyright (c) 2006 by Symantec Corp.=0D Permission to redistribute this alert electronically is granted=0D as long as it is not edited in any way unless authorized by=0D Symantec Consulting Services. Reprinting the whole or part of=0D this alert in any medium other than electronically requires=0D permission from cs_advisories@symantec.com.=0D =0D Disclaimer=0D The information in the advisory is believed to be accurate at the=0D time of publishing based on currently available information. Use=0D of the information constitutes acceptance for use in an AS IS=0D condition. There are no warranties with regard to this information.=0D Neither the author nor the publisher accepts any liability for any=0D direct, indirect, or consequential loss or damage arising from use=0D of, or reliance on, this information.=0D =0D Symantec, Symantec products, and Symantec Consulting Services are=0D registered trademarks of Symantec Corp. and/or affiliated companies=0D in the United States and other countries. All other registered and=0D unregistered trademarks represented in this document are the sole=0D property of their respective companies/owners.=0D -----BEGIN PGP SIGNATURE-----=0D Version: GnuPG v1.4.3 (MingW32)=0D =0D iD8DBQFEjiJauk7IIFI45IARAhDpAJ9suM2cNtSO8OY+OoO+NWnaNy/VNACg8Ixa=0D e92coR0Imhk0LTFG10DxDAA==0D =M1uw=0D -----END PGP SIGNATURE-----=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH