A vulnerability has been reported in Windows XP, which can potentially be exploited by malicious people to compromise a user's system.
The vulnerability is caused by boundary errors (possibly in "shimgvw.dll") when processing Enhanced Metafiles (".emf"). The problem is that memory is allocated based on size information in the file's header.
This can be exploited to cause heap overflows by specifying a "Size" field that is smaller (e.g. 1 byte) than the actual size of the file and header. The vulnerability is triggered either by viewing a malicious file or by navigating to a directory that contains a malicious file and displays it as a thumbnail.
Successful exploitation crashes "explorer.exe" but may reportedly also allow execution of arbitrary code.
NOTE: Windows Metafiles (".wmf") with malformed "Size" fields will also impact functionality somewhat by consuming 99% CPU resources.
Solution: Grant only trusted users access to affected systems. Don't view untrusted ".emf" files. Don't display the contents of directories as thumbnails.
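The size mismatch described above can be caught before any buffer is sized from the header. The following is an added example, not code from the advisory or from Microsoft: it assumes the advisory's "Size" field corresponds to the `nSize` and `nBytes` fields of the EMF `ENHMETAHEADER`, and the function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EMF_MIN_HEADER 88u          /* original ENHMETAHEADER layout, in bytes */
#define EMF_SIGNATURE  0x464D4520u  /* " EMF" read as a little-endian DWORD */

enum emf_status { EMF_OK, EMF_TRUNCATED, EMF_NOT_EMF, EMF_BAD_HEADER_SIZE, EMF_SIZE_MISMATCH };

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Check the header's declared sizes against the bytes actually received,
   before any allocation or copy is sized from them. */
enum emf_status emf_check_sizes(const uint8_t *buf, size_t len) {
    if (len < EMF_MIN_HEADER) return EMF_TRUNCATED;
    if (rd32(buf) != 1u || rd32(buf + 40) != EMF_SIGNATURE) return EMF_NOT_EMF;
    uint32_t hdr_size = rd32(buf + 4);   /* nSize: size of the header record */
    uint32_t total    = rd32(buf + 48);  /* nBytes: size of the whole metafile */
    if (hdr_size < EMF_MIN_HEADER || hdr_size > len || (hdr_size & 3u))
        return EMF_BAD_HEADER_SIZE;
    if ((size_t)total != len) return EMF_SIZE_MISMATCH;  /* e.g. declared 1, actual 108 */
    return EMF_OK;
}

/* Constructed sample: 88-byte header plus 20 bytes standing in for records. */
enum emf_status emf_check_sample(uint32_t hdr_size, uint32_t total) {
    uint8_t buf[108];
    memset(buf, 0, sizeof buf);
    wr32(buf, 1u);                 /* iType = EMR_HEADER */
    wr32(buf + 4, hdr_size);
    wr32(buf + 40, EMF_SIGNATURE);
    wr32(buf + 48, total);
    return emf_check_sizes(buf, sizeof buf);
}

int main(void) {
    printf("consistent: %d\n", emf_check_sample(88u, 108u));
    printf("nBytes=1:   %d\n", emf_check_sample(88u, 1u));
    printf("nSize=1:    %d\n", emf_check_sample(1u, 108u));
    return 0;
}
```

The check is deliberately strict: any file whose declared total differs from the bytes on disk is rejected, in either direction.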
Subject: Microsoft Windows Enhanced/Windows Metafile Handling Vulnerability