{"vuid":"VU#312956","idnumber":"312956","name":"Microsoft WMF memory corruption vulnerability","keywords":["Microsoft","Internet Explorer","buffer overflow","WMF file","arbitrary code execution","system memory corruption","GRE","ExtEscape","ExtCreateRegion"],"overview":"Microsoft applications fail to properly handle Windows Metafile (WMF) images potentially allowing a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"The Microsoft Windows Graphics Rendering Engine supports a number of image formats including WMF images. Windows WMF processing routines do not properly handle WMF images. This may allow a remote attacker to manipulate memory management routines resulting in a buffer overflow. Note that WMF processing is used in many Windows programs including Internet Explorer and Outlook. For more information, including a list of affected versions of Internet Explorer, please see Microsoft Security Advisory 913333 and Microsoft Security Bulletin MS06-004.","impact":"By persuading a user to open a specially crafted WMF image file, an attacker may be able to execute arbitrary code with the privileges of the user.","resolution":"This issue is corrected in Internet Explorer 6 Service Pack 1. In addition, Microsoft Security Bulletin MS06-004 contains a cumulative update to correct this vulnerability.","workarounds":"Do not accept WMF files from untrusted sources. By only accessing WMF image files from trusted or known sources, the chances of exploitation are reduced.","sysaffected":"","thanks":"This issue was reported in Microsoft Security Advisory 913333.","author":"This document was written by Jeff Gennari.","public":["http://linuxbox.org/pipermail/funsec/2006-January/002828.html","http://www.microsoft.com/technet/security/advisory/913333.mspx","http://secunia.com/advisories/18729/","http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.mspx","http://www.microsoft.com/technet/security/Bulletin/MS06-004.mspx"],"cveids":["CVE-2006-0020"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-02-08T20:12:18Z","publicdate":"2006-01-09T00:00:00Z","datefirstpublished":"2006-02-09T17:47:47Z","dateupdated":"2006-02-14T19:52:18Z","revision":31,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"20","cam_impact":"18","cam_easeofexploitation":"11","cam_attackeraccessrequired":"13","cam_scorecurrent":"19.305","cam_scorecurrentwidelyknown":"24.13125","cam_scorecurrentwidelyknownexploited":"43.43625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":19.305,"vulnote":null}