台灣
RSS
Outpost 個人防火牆 - Vulnerabilities in Graphics Rendering Engine Could Lead to Remote Code Execution
Agnitum Security Advisories
ASA-11-0511-4: Vulnerabilities in Graphics Rendering Engine Could Lead to Remote Code Execution
Vulnerability summary:
|
Severity rating:
|
Critical
|
|
|
Date Published:
|
November 8, 2005
|
|
|
Software Vendor:
|
Microsoft
|
|
|
Affected Software:
|
Graphics Rendering Engine
|
|
|
Affected OS:
|
Windows XP (all), Windows Server 2003 (all), Microsoft Windows XP Professional x64 Edition, Windows 2000 (all)
|
|
|
Unaffected with:
|
Windows 98 (incl. SE), Windows Millennium Edition (ME)
|
|
|
Vulnerability class:
|
Remote Code Execution
|
|
|
Status:
|
Fixed
|
Vulnerability details:
Tech brief:
Remote code execution vulnerability exists in graphics rendering engine that could allow an attacker to remotely execute arbitrary code on the affected system.
According to the report, the problem involves how the engine processes two graphics format files - Windows Metafile (WMF) and Enhanced Metafile (EMF). The flaw could lead to remote code execution on the affected system.
In order to exploit the vulnerability, an attacker needs to lure people into visiting a specially constructed website hosting either of two vulnerable graphic files. Additionally, a hacker could send an email containing the vulnerable graphics and get the victim to open the file as an attachment or preview the email in an email client's preview pane. After that, a successful attacker could take complete control of the system, including executing and modifying files or accessing the system remotely.
Vendor reference information:
Vendor details pertaining to the problem are available here:
http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx
General Mitigating Recommendations:
Install latest vendor patches available at http://windowsupdate.microsoft.com.
Do not visit doubtful sites or at least limit multimedia content rendered on these sites
How Outpost Firewall PRO protects you:
With Outpost you can specify which internet sites are allowed to display images and other embedded content and thus restrict the dendition of potentially dangerous elements for sites considered as "Not Trusted".
Email messages which contain user-specified attachment types can be blocked from accidental opening and thus be prevented from running potentially malicious code.
Disclaimer:
Information in the present advisory is believed to be accurate as to the time of publishing based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn't accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
關於Version 2 Limited
Version 2 Limited 是亞洲其中一間最有活力的IT公司,公司發展及代理各種不同的互聯網及IP-Based 網絡IT產品,當中包括通訊系統、保安、網絡及媒體產品。透過公司龐大的網絡、銷售點、分銷商及合作顆伴,Version 2 Limited 便可提供廣被市場讚賞的產品及服務。Version 2 Limited 客戶來自各行各業,包括全球1000大跨國企業、上市公司、公用機構、政府部門、無數成功的中小企及來自亞洲各城市的客戶。
如對產品有興趣,可瀏覽以下網址:
http://www.version-2.com/op
http://www.version-2.com/nod32op
