SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#134756

Microsoft Windows buffer overflow in Enhanced Metafile rendering API

Overview

Microsoft Windows Enhanced Metafile Format image rendering routines contain a buffer overflow flaw that may allow an attacker to cause a denial-of-service condition.

I. Description

Microsoft describes the Enhanced Metafile Format (EMF) as the following:

    An EMF image is a 32-bit format that can contain both vector information and bitmap information. This format is an improvement over the Windows Metafile Format and contains extended features. For more information about image types and formats, see Microsoft Knowledge Base Article 320314. Additional information about these file formats is also available at the MSDN Library Web Site.


The Microsoft Windows EMF rendering routines may fail to properly check a buffer length, possibly resulting in a crash of the affected application or in the application failing to respond. Any program that uses these routines to render a specially-crafted image file is vulnerable to the issue.

Proof of concept code related to this issue is known to be available at this time.

II. Impact

A remote, unauthenticated attacker may cause an affected application to stop responding or crash.

III. Solution

Apply an update

Please see Microsoft Security Bulletin MS05-053 for details on updates, workarounds, and solutions.

Do not access EMF files from untrusted sources

Exploitation occurs by accessing a specially crafted EMF file (typically .emf). By only accessing EMF files from trusted or known sources, the chances of exploitation are reduced.

Attackers may host malicious EMF files on a website. In order to convince users to visit their sites, those attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally
good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.

Systems Affected

VendorStatusDate Updated
Microsoft CorporationVulnerable8-Nov-2005

References


http://secunia.com/advisories/14631/
http://www.securityfocus.com/bid/12834/info/
http://www.securityfocus.com/archive/1/393571
http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx

Credit

Thanks to Microsoft and Hongzen Zhou for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

Date Public03/18/2005
Date First Published11/08/2005 03:30:11 PM
Date Last Updated11/09/2005
CERT Advisory 
CVE-ID(s)CVE-2005-0803
NVD-ID(s)CVE-2005-0803
US-CERT Technical Alerts 
Metric7.56
Document Revision16

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2005 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader