(MS06-001) Microsoft Windows WMF "SETABORTPROC" Arbitrary Code Execution

  Severity: HIGH
  CVE Identifier: CVE-2005-4560
  Advisory Date: FEB 04, 2011

  DESCRIPTION

The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.

  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Windows Server 2003 Datacenter
  • Microsoft Windows Server 2003 Datacenter SP1
  • Microsoft Windows Server 2003 Enterprise
  • Microsoft Windows Server 2003 Enterprise SP1
  • Microsoft Windows Server 2003 Standard
  • Microsoft Windows Server 2003 Standard SP1
  • Microsoft Windows Server 2003 Web
  • Microsoft Windows Server 2003 Web SP1
  • Microsoft Windows XP Home
  • Microsoft Windows XP Home SP1
  • Microsoft Windows XP Home SP2
  • Microsoft Windows XP Media Center
  • Microsoft Windows XP Media Center SP1
  • Microsoft Windows XP Media Center SP2
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional SP1
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Tablet PC
  • Microsoft Windows XP Tablet PC SP1
  • Microsoft Windows XP Tablet PC SP2

Related Malware