| Check Point Reference: |
CPAI-2007-041 |
| Date Published: |
11 Apr 2007 |
| Severity: |
Critical
|
| Last Updated: |
Monday 30 April, 2007 |
| Source: |
Microsoft Security Bulletin MS07-017 |
| Industry Reference: | CVE-2007-1211
CVE-2007-1212 |
| Protection Provided by: |
|
| Who is Vulnerable? | Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 with SP1 (Itanium)
Microsoft Windows Server 2003 with SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition SP2
Windows Vista
Windows Vista x64 Edition |
| Vulnerability Description |
A remote code execution vulnerability has been discovered in the rendering of Enhanced Metafile (EMF) image format, and a denial of service vulnerability exists in the rendering of Windows Metafile (WMF) image format. WMF and EMF are image formats used in many Windows programs including Internet Explorer and Outlook. By persuading a user to open a specially crafted WMF or EMF image file, an attacker may be able to execute arbitrary code on the affected system. |
| Update/Patch Avaliable | Apply patches:
Microsoft Security Bulletin MS07-017 |
| Vulnerability Details | The vulnerability is due to an error in Microsoft Windows that fails to properly handle malformed WMF and EMF files. By convincing a user to visit a specially crafted HTML documents or open a malicious web page, a remote attacker could cause a denial of service condition or execute arbitrary code on an affected system. Successful exploitation may allow execution of arbitrary code on a vulnerable system.
|
Feedback