Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MS06-026: Graphics Rendering Engine / Remote Code Execution - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-026: Graphics Rendering Engine / Remote Code Execution
MS06 - 026 - KB 918547

** This vulnerability ONLY applies to Windows 98, 98SE, and ME (We aren't still running these, are we?).  Windows 2000, XP and beyond are not vulnerable **

This is a critical vulnerability in the Graphics Rednering Engine that allows remote code execution of the target system using specifically crafted WMF files.  When successfully exploited, the target system can be completely compromised.  This is a new vulnerability not associated with the WMF vulnerabilities from earlier this year.  An attacker can exploit this vulnerability by using a specifically crafted webpage (and getting the victim to view that page) or by sending an exploit in email (where the email reader renders images).

If you are running Windows 98, 98SE, or ME, you should upgrade your operating system to Windows 2000, XP or later.  If you cannot upgrade, this patch should be installed immediately.

John Bambenek -- University of Illinois


John

245 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!