Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
Alert

Update for Microsoft Windows Metafile Vulnerability

Last Revised
Alert Code
TA06-005A

Systems Affected

 
  • Systems running Microsoft Windows
 

Overview

 

Microsoft Security Bulletin MS06-001 contains an update to fix a vulnerability in the way Microsoft Windows handles images in the Windows Metafile (WMF) format.

 

Description

 

TA05-362A describes a vulnerability in the way Microsoft Windows handles Windows Metafile images. This vulnerability could allow a remote attacker to execute arbitrary code. Microsoft Security Bulletin MS06-001 contains an update to fix this vulnerability.

The vulnerability is described in further detail in VU#181038.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code if the user is persuaded to view a specially crafted Windows Metafile.

Solution

Apply a patch from your vendor

Install the appropriate update according to Microsoft Security Bulletin MS06-001.


 

Appendix A. References

  • Microsoft Security Bulletin MS06-001 - http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
  • US-CERT Vulnerability Note VU#181038 - http://www.kb.cert.org/vuls/id/181038
  • US-CERT Technical Cyber Security Alert TA05-362A - http://www.us-cert.gov/cas/techalerts/TA05-362A.html


 

Feedback can be directed to US-CERT.

Revision History

  • January 5, 2006: Initial release
     

    Last updated 

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we welcome your feedback.