Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Preemptive Protection against Vulnerabilities in Graphics Rendering Engine (MS05-053)

Attack ID: CPAI-2005-149
Publish Date:
Last Update:
Category: Remote Code Execution
Vulnerable Systems: Microsoft Windows 2000 SP4
Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Source:

Microsoft Security Bulletin MS05-053

Description: A vulnerability was detected in the way several Microsoft operating systems process the common graphics formats EMF and WMF. This could be exploited by an attacker who persuaded a user to open a specially crafted file in the form of an HTML email, a link to a Web page, or a Microsoft Office document. Successful exploitation would grant an attacker complete control of the affected system.
Severity:
Details: The problem specifically exists in the way that the Graphics Rendering Engine processes Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats.
Attack Detection:

Users of VPN-1 NG with Application Intelligence R54 and later versions who have applied the solution outlined below will identify the attack by the following log entries:

reason: Forbidden MIME attachment stripped
reason: Content Security - access denied

Solution:

Users of VPN-1 NG with Application Intelligence R54 and later versions who have applied the solution outlined in CPAI-2004-18 are preemptively protected against this vulnerability.

Industry Reference: CAN-2005-2123
CAN-2005-2124
CAN-2005-0803
Additional Information: CPAI-2004-45
Zone Labs Security Advisory