CERT-In Vulnerability Note CIVN-2006-49
Microsoft Windows Graphics Rendering Engine Vulnerability

Original Issue Date: June 14, 2006

Severity Rating: High

Systems Affected

•  Microsoft Windows 98
•  Microsoft Windows 98 Second Edition (SE)
•  Microsoft Windows Millennium Edition (Me)

Overview

A vulnerability has been reported in Windows Graphics Rendering Engine which could allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

A Windows Metafile (WMF) image is a 16-bit metafile format that can contain both vector information and bitmap information and is optimized for the Windows operating system. This vulnerability is caused due to an error in the Graphics Rendering Engine when processing WMF (Windows Metafile) images.

This vulnerability could be exploited by an attacker by creating a maliciously crafted wmf image file, hosting the same on a webpage or sending through email as attachment and persuading a user to open the same. The attacker can also trick the user by renaming the file name extension of a WMF file to that of a different image format.

Solution:

For details regarding the patches refer to Microsoft Security Bulletin MS06-026. The patches are available from Windows Update website.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms06-026.mspx

References

US-CERT
http://www.kb.cert.org/vuls/id/909508

Secunia
http://secunia.com/advisories/20631

CVE Name
CVE-2006-2376

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003