| Vulnerability Name: | CVE-2005-2124 (CCN-22877) | ||||||||
| Assigned: | 2005-11-08 | ||||||||
| Published: | 2005-11-08 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability." | ||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-2124 Source: CCN Type: SA17223 Nortel Centrex IP Client Manager Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 17223 Source: CCN Type: SA17461 Avaya Products Microsoft Windows WMF/EMF Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 17461 Source: CCN Type: SA17498 Microsoft Windows WMF/EMF File Rendering Arbitrary Code Execution Source: SECUNIA Type: UNKNOWN 17498 Source: SREASON Type: UNKNOWN 161 Source: CCN Type: SECTRACK ID: 1015168 Microsoft Windows Buffer Overflows in Graphics Rendering Engine Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1015168 Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf Source: MISC Type: UNKNOWN http://www.eeye.com/html/research/advisories/AD20051108a.html Source: MISC Type: Patch, Vendor Advisory http://www.eeye.com/html/research/advisories/AD20051108b.html Source: CCN Type: US-CERT VU#433341 Microsoft Windows vulnerable to buffer overflow via specially crafted WMF file Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#433341 Source: CCN Type: Microsoft Security Bulletin MS05-053 Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) Source: BID Type: UNKNOWN 15356 Source: CCN Type: BID-15356 Microsoft Windows Graphics Rendering Engine WMF Format Code Execution Vulnerability Source: CERT Type: US Government Resource TA05-312A Source: VUPEN Type: UNKNOWN ADV-2005-2348 Source: CCN Type: Internet Security Systems Protection Alert December 28, 2005 Microsoft Picture and Fax Viewer WMF Buffer Overflow Source: CCN Type: Internet Security Systems Protection Alert Additional Vectors for GDI32.DLL WMF Image Rendering Vulnerability Source: MS Type: UNKNOWN MS05-053 Source: XF Type: UNKNOWN win-wmf-bo(22877) Source: CCN Type: IBM Internet Security Systems X-Force Database Microsoft Windows .wmf file code execution | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||