Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0803

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0803
Last Modified 08 Jul 2011 12:00:00
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0803

Summary

The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000


References

CERT - TA05-312A

CERT-VN - VU#134756

XF - win-2000-gdi32dll-dos(19727)

VUPEN - ADV-2005-2348

BID - 12834

OSVDB - 20580

MS - MS05-053

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf

SECTRACK - 1015168

SECUNIA - 17461

SECUNIA - 17223

SECUNIA - 14631

BUGTRAQ - 20050317 Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability


Last Updated: 27 May 2016 10:39:56