Vulnerability Name:

CVE-2005-0803 (CCN-19727)

Assigned: 2005-03-17
Published: 2005-03-17
Updated: 2019-04-30
Summary: The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: BugTraq Mailing List, Thu Mar 17 2005 - 04:16:52 CST
Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability

Source: MITRE
Type: CNA
CVE-2005-0803

Source: BUGTRAQ
Type: UNKNOWN
20050317 Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability

Source: CCN
Type: SA14631
Microsoft Windows EMF File Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
14631

Source: CCN
Type: SA17223
Nortel Centrex IP Client Manager Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
17223

Source: CCN
Type: SA17461
Avaya Products Microsoft Windows WMF/EMF Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
17461

Source: CCN
Type: SECTRACK ID: 1015168
Microsoft Windows Buffer Overflows in Graphics Rendering Engine Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015168

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf

Source: CCN
Type: US-CERT VU#134756
Microsoft Windows buffer overflow in Enhanced Metafile rendering API

Source: CERT-VN
Type: US Government Resource
VU#134756

Source: CCN
Type: Microsoft Security Bulletin MS05-053
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)

Source: OSVDB
Type: UNKNOWN
20580

Source: CCN
Type: OSVDB ID: 20580
Microsoft Windows GetEnhMetaFilePaletteEntries() EMF File Rendering DoS

Source: BID
Type: Exploit
12834

Source: CCN
Type: BID-12834
Microsoft Windows Graphical Device Interface Library Denial Of Service Vulnerability

Source: CERT
Type: US Government Resource
TA05-312A

Source: VUPEN
Type: Vendor Advisory
ADV-2005-2348

Source: MS
Type: UNKNOWN
MS05-053

Source: XF
Type: UNKNOWN
win-2000-gdi32dll-dos(19727)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1121

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1152

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1215

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1240

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:671

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/a:microsoft:windows_2003:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:671 | V | EMF Rendering Denial of Service Vulnerability (64-bit Windows XP and Server 2003, Unpatched) | 2011-05-16
oval:org.mitre.oval:def:1240 | V | EMF Rendering Denial of Service Vulnerability (Windows 2000) | 2011-05-16
oval:org.mitre.oval:def:1121 | V | EMF Rendering Denial of Service Vulnerability (32-bit Windows XP, SP2) | 2011-05-16
oval:org.mitre.oval:def:1152 | V | EMF Rendering Denial of Service Vulnerability (32-bit Windows XP, SP1) | 2011-05-16
oval:org.mitre.oval:def:1215 | V | EMF Rendering Denial of Service Vulnerability (64-bit Windows XP and Server 2003, SP1) | 2011-05-16
    microsoft windows 2000 *
    microsoft windows 2000 * sp1
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows 2000 * sp4
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003 server -
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium
    microsoft windows 2003 *