| Vulnerability Name: | CVE-2005-2123 (CCN-22876) | ||||||||||||||||||||||||
| Assigned: | 2005-11-08 | ||||||||||||||||||||||||
| Published: | 2005-11-08 | ||||||||||||||||||||||||
| Updated: | 2018-10-12 | ||||||||||||||||||||||||
| Summary: | Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2005-2123 Source: CCN Type: SA17223 Nortel Centrex IP Client Manager Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 17223 Source: CCN Type: SA17461 Avaya Products Microsoft Windows WMF/EMF Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 17461 Source: CCN Type: SA17498 Microsoft Windows WMF/EMF File Rendering Arbitrary Code Execution Source: SECUNIA Type: UNKNOWN 17498 Source: CCN Type: SECTRACK ID: 1015168 Microsoft Windows Buffer Overflows in Graphics Rendering Engine Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1015168 Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf Source: MISC Type: Patch, Vendor Advisory http://www.eeye.com/html/research/advisories/AD20051108b.html Source: CCN Type: US-CERT VU#300549 Microsoft Windows Graphics Rendering Engine buffer overflow vulnerability Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#300549 Source: CCN Type: Microsoft Security Bulletin MS05-053 Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) Source: BID Type: UNKNOWN 15352 Source: CCN Type: BID-15352 Microsoft Windows Graphics Rendering Engine WMF/EMF Format Code Execution Vulnerability Source: CERT Type: US Government Resource TA05-312A Source: VUPEN Type: UNKNOWN ADV-2005-2348 Source: MS Type: UNKNOWN MS05-053 Source: XF Type: UNKNOWN win-wmf-emf-bo(22876) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1063 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1175 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1263 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1546 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:701 | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||