Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2123

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2123
Last Modified 07 Mar 2011 09:23:27
Published 29 Nov 2005 04:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2123

Summary

Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server Itanium

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Sp1

  • Microsoft Windows Xp


References

CERT-VN - VU#300549

CERT - TA05-312A

MS - MS05-053

MISC - http://www.eeye.com/html/research/advisories/AD20051108b.html

VUPEN - ADV-2005-2348

BID - 15352

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf

SECTRACK - 1015168

SECUNIA - 17498

SECUNIA - 17461

SECUNIA - 17223


Last Updated: 27 May 2016 10:40:24