CVE-2005-2123 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2005-2123
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-2123

Description: Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.

CVE Status: Candidate

References: ST 1015168 SAID Secunia Advisory: SA17498 Secunia Advisory: SA17461 Secunia Advisory: SA17223 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1263 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1175 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1063 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1546 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:701 MS http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx MISC http://www.eeye.com/html/research/advisories/AD20051108b.html CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf CERT-VN 300549 CERT http://www.us-cert.gov/cas/techalerts/TA05-312A.html BID 15352

Return to the previous page.