Microsoft Windows Explorer WMF File Denial of Service Vulnerability
BID:21992
CVE-2006-4071 |Info
Microsoft Windows Explorer WMF File Denial of Service Vulnerability
| Bugtraq ID: | 21992 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 10 2007 12:00AM |
| Updated: | Jan 11 2007 07:10PM |
| Credit: | Orbital is credited with the discovery of this vulnerability. |
| Vulnerable: |
Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP Gold 0 Microsoft Windows XP 64-bit Edition Version 2003 SP1 Microsoft Windows XP 64-bit Edition Version 2003 Microsoft Windows XP 64-bit Edition SP1 Microsoft Windows XP 64-bit Edition Microsoft Windows XP 0 Microsoft Windows Explorer 0 |
| Not Vulnerable: | |
Discussion
Microsoft Windows Explorer WMF File Denial of Service Vulnerability
Microsoft Windows Explorer is prone to a denial-of-service vulnerability.
A remote attacker may exploit this vulnerability by presenting a malicious file to a victim user and enticing them to open it with the vulnerable application. Users that simply browse folders containing the malicious file will also trigger this issue.
A successful exploit will crash the vulnerable application, effectively denying service.
This issue may be related to BID 19365: Microsoft Windows GDI32.DLL WMF Remote Denial of Service Vulnerability.
Microsoft Windows Explorer is prone to a denial-of-service vulnerability.
A remote attacker may exploit this vulnerability by presenting a malicious file to a victim user and enticing them to open it with the vulnerable application. Users that simply browse folders containing the malicious file will also trigger this issue.
A successful exploit will crash the vulnerable application, effectively denying service.
This issue may be related to BID 19365: Microsoft Windows GDI32.DLL WMF Remote Denial of Service Vulnerability.
Exploit / POC
Microsoft Windows Explorer WMF File Denial of Service Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
Microsoft Windows Explorer WMF File Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
Microsoft Windows Explorer WMF File Denial of Service Vulnerability
References:
References:
- Determina Security Blog: What's wrong with WMF? ( Alexander Sotirov)
- Windows XP Homepage (Microsoft)