Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
1) Some integer overflow errors exist in the Graphics Rendering Engine GDI32.DLL (e.g. MRBP16::bCheckRecord) when rendering certain malformed Windows Metafile (WMF) and Enhanced Metafile (EMF) image files. This can be exploited to cause a heap-based buffer overflow and allows arbitrary code execution on a user's system via a specially crafted WMF/EMF file.
2) An integer overflow error exists in the "PlayMetaFileRecord" function of GDI32.DLL when handling the "SetPaletteEntries" records in a Windows Metafile (WMF) image file. This can be exploited to cause a heap-based buffer overflow and allows arbitrary code execution on a user's system via a specially crafted WMF file.
Vulnerability #1 and #2 reportedly affects any program that renders the affected image types and can be exploited by e.g. tricking the user to open a malicious WMF/EMF file, or to view a folder that contains the image.
The vulnerabilities are also reportedly exploitable by embedding the image in an Office document, or by convincing the user to view an HTML email containing an image attachment in Outlook, or via a malicious web site.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Microsoft Windows WMF/EMF File Rendering Arbitrary Code Execution
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.