Alias(es)IE.WMF.Handling.Memory.Corruption |
Release DateFeb 08, 2006 |
Severityhigh |
ImpactDenial of Service.System compromise: remote code execution. |
DescriptionThis indicates a possible exploit of a buffer overflow vulnerability in Microsoft's WMF parsing, as used in Internet Explorer. The exploit can be triggered via a crafted WMF file with a manipulated header size, possibly involving an integer overflow. It may allow attackers to cause a denial of service and possibly execute code |
Affected ProductsInternet Explorer 5.01 SP4 on Windows 2000 SP4,Internet Explorer 5.5 SP2 on Windows Millennium, and possibly other versions. |
Recommended ActionsUpgrade to Microsoft Internet Explorer 6.0 SP1 or later. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-0020 |
Reference/shttp://www.securityfocus.com/bid/16516 (BugTraq)http://www.microsoft.com/technet/security/Bulletin/MS06-004.mspx (MS-ID) |
