Alert

Update for Microsoft Windows Metafile Vulnerability

Last Revised
Alert Code
TA06-005A

Systems Affected

 
  • Systems running Microsoft Windows
 

Overview

 

Microsoft Security Bulletin MS06-001 contains an update to fix a vulnerability in the way Microsoft Windows handles images in the Windows Metafile (WMF) format.

 

Description

 

TA05-362A describes a vulnerability in the way Microsoft Windows handles Windows Metafile images. This vulnerability could allow a remote attacker to execute arbitrary code. Microsoft Security Bulletin MS06-001 contains an update to fix this vulnerability.

The vulnerability is described in further detail in VU#181038.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code if the user is persuaded to view a specially crafted Windows Metafile.

Solution

Apply a patch from your vendor

Install the appropriate update according to Microsoft Security Bulletin MS06-001.


 

Appendix A. References

  • Microsoft Security Bulletin MS06-001 - http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
  • US-CERT Vulnerability Note VU#181038 - http://www.kb.cert.org/vuls/id/181038
  • US-CERT Technical Cyber Security Alert TA05-362A - http://www.us-cert.gov/cas/techalerts/TA05-362A.html


 

Feedback can be directed to US-CERT.

Revision History

  • January 5, 2006: Initial release
     

    Last updated 

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.