| Release Date | Sep 11, 2006 |
| Severity | Critical |
| Impact | System compromise: remote code execution. |
| Description | This indicates an attempt to exploit a buffer overflow vulnerability in the Graphic Rendering Engine of Microsoft Windows.
There is a heap overflow vulnerability in the Graphic Rendering Engine of MS Windows 2000, XP, and 2003 that allows remote attackers to execute arbitrary code. This may happen when rendering specially crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) image files. Any program that renders WMF or EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploits this vulnerability could take complete control of an affected system. |
| Affected Products | Any application running on an unprotected Microsoft Windows 2000, 2003, or XP that renders WMF or EMF image files is vulnerability to this attack. |
| Recommended Actions | Apply appropriate patches from Microsoft. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0209
|
| Microsoft Bulletin ID | MS04-032 http://www.microsoft.com/technet/security/Bulletin/MS04-032.mspx |
| Reference/s | http://www.securityfocus.com/bid/11375 (BugTraq)
|