Check Point Advisories

Internet Explorer WMF Image Parsing Memory Corruption (CVE-2006-0020)

Check Point Reference: CPAI-2006-185
Date Published: 14 Feb 2010
Severity: Medium
Last Updated: Sunday 14 February, 2010
Source:
Industry Reference:CVE-2006-0020
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description The Windows Metafile (WMF) is a standard Windows image file format. It consists of a set of graphics functions and parameters that describe the steps required to render an image. WMF is a 16-bit format that can contain both vector and bitmap information. A WMF file contains a main header, followed by one or more records of data. Each record is a binary-encoded function call to the Microsoft Windows Graphics Device Interface (GDI). The data from each record is passed to the respective GDI functions as parameters in order to render the desired image. A memory corruption vulnerability has been discovered in several versions of the Microsoft Internet Explorer. The flaw is specific to the processing of the Windows Metafile (WMF) files. Successful exploitation of this vulnerability may allow for arbitrary code to be injected and executed on a vulnerable host system. In a successful attack, arbitrary code can be injected into the vulnerable process. The behaviour of the target is dependent on the malicious code. If such an attack is not executed successfully, the vulnerable application may terminate as a result of the attack attempt. Note that any code executed by the attacker runs with the privileges of the logged in user.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Internet Explorer WMF Image Parsing Memory Corruption protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Content Protection Violation.
Attack Information:  Microsoft Internet Explorer WMF image parsing memory corruption

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK