Home > Exploits > Operating System > Microsoft Graphics Rendering Engine Vulnerability

Vulnerability: Microsoft Graphics Rendering Engine Vulnerability

Alternate: Microsoft Windows Metafile Vulnerability

CERT: 181038

CVE: CVE-2005-4560

FRSIRT: ADV-2005-3086

Microsoft: MS06-001

Secunia Advisories: SA18255 and SA18364

Credit: Dan Hubbard

Vulnerable: Microsoft Windows 2000 SP4, Microsoft Windows XP SP1 and SP2, Microsoft Windows XP Professional x64 Edition, Microsoft Windows Server 2003 and SP1, Microsoft Windows Server 2003 for Itanium-based systems, Microsoft Windows Server 2003 x64 Edition, Microsoft Windows 98 and SE, Microsoft Windows ME

Patch: A vendor-supplied patch is available

Remote code execution vulnerability exists in the Graphics Rendering Engine of the above Operating Systems because of the way it handles Windows Metafile (WMF) images.  A specially crafted WMF image could allow remote code execution, and therefore an attacker could exploit this vulnerability to successfully takeover complete control of an affected system.  A Windows Metafile (WMF) image is a 16-bit metafile format that contains both vector and bitmap information.  The Graphics Rendering Engine handles WMF files containing SETABORTPROC escape records incorrectly.  SETABORTPROC escape records perform arbitrary user-defined functions when the rendering of a WMF file fails.  The SHIMGVW.DLL file is responsible for this handling and processing.  The Microsoft Graphics Rendering Engine Vulnerability or Microsoft Windows Metafile Vulnerability is a zero-day vulnerability.

Copyright (c) 2006, 2008  A. Ryan Robbins.  All Rights Reserved.