Vulnerability Note VU#134756
Microsoft Windows buffer overflow in Enhanced Metafile rendering API
Microsoft Windows Enhanced Metafile Format image rendering routines contain a buffer overflow flaw that may allow an attacker to cause a denial-of-service condition.
Microsoft describes the Enhanced Metafile Format (EMF) as the following:
An EMF image is a 32-bit format that can contain both vector information and bitmap information. This format is an improvement over the Windows Metafile Format and contains extended features. For more information about image types and formats, see Microsoft Knowledge Base Article 320314. Additional information about these file formats is also available at the MSDN Library Web Site.
The Microsoft Windows EMF rendering routines may fail to properly check a buffer length, possibly resulting in a crash of the affected application or in the application failing to respond. Any program that uses these routines to render a specially-crafted image file is vulnerable to the issue.
Proof of concept code related to this issue is known to be available at this time.
A remote, unauthenticated attacker may cause an affected application to stop responding or crash.
Apply an update
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||08 Nov 2005|
CVSS Metrics (Learn More)
Thanks to Microsoft and Hongzen Zhou for reporting this vulnerability.
This document was written by Ken MacInnis.
- CVE IDs: CVE-2005-0803
- Date Public: 18 Mar 2005
- Date First Published: 08 Nov 2005
- Date Last Updated: 09 Nov 2005
- Severity Metric: 7.56
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.