| Vulnerability Name: | CVE-2005-4560 (CCN-23846) | ||||||||||||||||||||||||||||
| Assigned: | 2005-12-27 | ||||||||||||||||||||||||||||
| Published: | 2005-12-27 | ||||||||||||||||||||||||||||
| Updated: | 2018-10-19 | ||||||||||||||||||||||||||||
| Summary: | The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com. | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-20 | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2005-4560 Source: MITRE Type: CNA CVE-2006-0106 Source: MISC Type: UNKNOWN http://linuxbox.org/pipermail/funsec/2006-January/002455.html Source: CCN Type: SA18255 Microsoft Windows WMF "SETABORTPROC" Arbitrary Code Execution Source: SECUNIA Type: Vendor Advisory 18255 Source: CCN Type: SA18311 Nortel Centrex IP Client Manager Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 18311 Source: CCN Type: SA18323 Wine Potential WMF "SETABORTPROC" Vulnerability Source: CCN Type: SA18364 Avaya Products Microsoft Windows WMF "SETABORTPROC" Vulnerability Source: SECUNIA Type: Vendor Advisory 18364 Source: CCN Type: SA18415 Nortel Products Microsoft Windows WMF "SETABORTPROC" Code Execution Source: SECUNIA Type: Vendor Advisory 18415 Source: CCN Type: SECTRACK ID: 1015416 Microsoft Windows Unspecified WMF Rendering Bug Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: Exploit 1015416 Source: MISC Type: Vendor Advisory http://support.avaya.com/elmodocs2/security/ASA-2006-001.htm Source: CCN Type: ASA-2006-001 WMF vulnerability in Windows (MS06-001) Source: MISC Type: Vendor Advisory http://vil.mcafeesecurity.com/vil/content/v_137760.htm Source: DEBIAN Type: DSA-954 wine -- design flaw Source: CCN Type: F-Secure : News from the Lab Wednesday, December 28, 2005 New WMF 0-day exploit Source: MISC Type: Exploit, Vendor Advisory http://www.f-secure.com/weblog/archives/archive-122005.html#00000753 Source: CCN Type: GLSA-200601-09 Wine: Windows Metafile SETABORTPROC vulnerability Source: CCN Type: US-CERT VU#181038 Microsoft Windows Metafile handler SETABORTPROC GDI Escape vulnerability Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#181038 Source: CCN Type: Microsoft.com Web site Windows Picture and Fax Viewer overview Source: CCN Type: Microsoft Security Advisory (912840) Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution. Source: MISC Type: Vendor Advisory http://www.microsoft.com/technet/security/advisory/912840.mspx Source: CCN Type: Microsoft Security Bulletin MS06-001 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919) Source: CCN Type: Microsoft Security Bulletin MS07-046 Vulnerability in GDI Could Allow Remote Code Execution (938829) Source: CCN Type: Microsoft Security Bulletin MS08-021 Vulnerabilities in GDI Could Allow Remote Code Execution (948590) Source: BUGTRAQ Type: UNKNOWN 20051227 Is this a new exploit? Source: BUGTRAQ Type: UNKNOWN 20051227 Exploitation of Windows WMF on the web Source: BUGTRAQ Type: UNKNOWN 20051228 RE: [Full-disclosure] Someone wasted a nice bug on spyware... Source: BUGTRAQ Type: UNKNOWN 20051228 Re: Is this a new exploit? Source: BUGTRAQ Type: UNKNOWN 20051228 WMF Exploit Source: BUGTRAQ Type: UNKNOWN 20051229 WMF exploit Source: BUGTRAQ Type: UNKNOWN 20051229 RE: WMF Exploit Source: BUGTRAQ Type: UNKNOWN 20060101 Re: RE: WMF Exploit Source: BUGTRAQ Type: UNKNOWN 20060103 WMF round-up, updates and de-mystification Source: BUGTRAQ Type: UNKNOWN 20060103 WMF SETABORTPROC exploit Source: BUGTRAQ Type: UNKNOWN 20060103 Re: [funsec] WMF round-up, updates and de-mystification Source: BUGTRAQ Type: UNKNOWN 20060104 Another WMF exploit workaround Source: BID Type: Exploit 16074 Source: CCN Type: BID-16074 Microsoft Windows Graphics Rendering Engine WMF SetAbortProc Code Execution Vulnerability Source: CCN Type: US-CERT Technical Cyber Security Alert TA05-362A Microsoft Windows Metafile Handling Buffer Overflow Source: CERT Type: Third Party Advisory, US Government Resource TA05-362A Source: CERT Type: Third Party Advisory, US Government Resource TA06-005A Source: VUPEN Type: Vendor Advisory ADV-2005-3086 Source: MISC Type: UNKNOWN http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375341 Source: MISC Type: UNKNOWN http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 Source: CCN Type: Internet Security Systems Protection Alert December 28, 2005 Microsoft Picture and Fax Viewer WMF Buffer Overflow Source: CCN Type: Internet Security Systems Protection Alert Additional Vectors for GDI32.DLL WMF Image Rendering Vulnerability Source: MS Type: UNKNOWN MS06-001 Source: CCN Type: IBM Internet Security Systems X-Force Database Microsoft Windows Metafile image format buffer overflow Source: XF Type: UNKNOWN win-wmf-execute-code(23846) Source: XF Type: UNKNOWN win-wmf-execute-code(23846) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1431 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1433 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1460 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1492 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1564 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1612 Source: SUSE Type: SUSE-SR:2006:002 SUSE Security Summary Report | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||