Vulnerability Name:

CVE-2003-0906 (CCN-15284)

Assigned:2003-11-04
Published:2004-02-23
Updated:2018-10-12
Summary:Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Fri Feb 20 2004 - 12:45:39 CST
Windows XP explorer.exe heap overflow

Source: CCN
Type: BugTraq Mailing List, Mon Feb 23 2004 - 15:31:07 CST
Re: Windows XP explorer.exe heap overflow.

Source: MITRE
Type: CNA
CVE-2003-0906

Source: CCN
Type: CIAC Information Bulletin O-114
Microsoft Security Update for Microsoft Windows [REVISED 25 Jun 2004]

Source: CCN
Type: US-CERT VU#547028
Microsoft Windows contains buffer overflow in processing of WMF and EMF image formats

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#547028

Source: CCN
Type: Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)

Source: BID
Type: UNKNOWN
10120

Source: CCN
Type: BID-10120
Microsoft Windows WMF/EMF Image Formats Remote Buffer Overflow Vulnerability

Source: CCN
Type: BID-9707
Microsoft Windows XP explorer.exe Multiple Memory Corruption Vulnerabilities

Source: CERT
Type: Third Party Advisory, US Government Resource
TA04-104A

Source: CCN
Type: Internet Security Systems Security Alert, April 13, 2004
Multiple Vulnerabilities in Microsoft Products

Source: MS
Type: UNKNOWN
MS04-011

Source: XF
Type: UNKNOWN
winxp-shell-shimgvw-bo(15284)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1064

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:897

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:959

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:1064
    V
    Windows XP WMF/EMF Buffer Overflow
    2011-05-16
    oval:org.mitre.oval:def:897
    V
    Windows NT WMF/EMF Buffer Overflow
    2008-03-24
    oval:org.mitre.oval:def:959
    V
    Windows 2000 WMF/EMF Buffer Overflow
    2004-05-25
    BACK
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp4
    microsoft windows nt 4.0 sp6a
    microsoft windows xp * sp1
    microsoft windows xp