Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:10908
HistoryJan 07, 2006 - 12:00 a.m.

US-CERT Technical Cyber Security Alert TA06-005A -- Update for Microsoft Windows Metafile Vulnerability

2006-01-0700:00:00
vulners.com
7
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    National Cyber Alert System

             Technical Cyber Security Alert TA06-005A

Update for Microsoft Windows Metafile Vulnerability

Original release date: January 5, 2006
Last revised: –
Source: US-CERT

Systems Affected

 * Systems running Microsoft Windows

Overview

Microsoft Security Bulletin MS06-001 contains an update to fix a
vulnerability in the way Microsoft Windows handles images in the
Windows Metafile (WMF) format.

I. Description

TA05-362A describes a vulnerability in the way Microsoft Windows
handles Windows Metafile images. This vulnerability could allow a
remote attacker to execute arbitrary code. Microsoft Security Bulletin
MS06-001 contains an update to fix this vulnerability.

The vulnerability is described in further detail in VU#181038.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary
code if the user is persuaded to view a specially crafted Windows
Metafile.

III. Solution

Apply a patch from your vendor

Install the appropriate update according to Microsoft Security
Bulletin MS06-001.

Appendix A. References

 * Microsoft Security Bulletin MS06-001 -
   <http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx>

 * US-CERT Vulnerability Note VU#181038 -
   <http://www.kb.cert.org/vuls/id/181038>

 * US-CERT Technical Cyber Security Alert TA05-362A -
   <http://www.us-cert.gov/cas/techalerts/TA05-362A.html>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA06-005A.html>

Feedback can be directed to US-CERT Technical Staff. Please send
email to <[email protected]> with "TA06-005A Feedback VU#181038" in the
subject.

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html&gt;.

Produced 2006 by US-CERT, a government organization.

Terms of use:

 &lt;http://www.us-cert.gov/legal.html&gt;

Revision History

January 5, 2006: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQ72ZA30pj593lg50AQLAqgf/Wwj2V0SfgA61RdAw1H8GxAaWjb3Hsuix
8DMAcZv8yITiZLkt2JD/d1piq28v0o23g0TR2I2F5sj+8GsfkmYGLOGkoqYJ4v+0
8yD3JZIxwcR+OJlA29HZebBHUNR00QBUQEb369QK9mntVqUZ/XKGiW05mQPODwhr
rFJQy3hB54evEGltScn4wTzzEB2YsSShKlBCAPOVLocLUNIZ1X60n234fe0YLABK
IUpDp6g/CrDmQ3fQYLfBGQQD462NIdccYzeYNARCOSR77dHbPYAiMvNQiiJSvrEp
4Iz2Gkm0T+jA9o4SgmkuYOtA/+3XaWXDgUP3d6Kwfo4cm9LzciF+vQ==
=GfKm
-----END PGP SIGNATURE-----

JSON