US-CERT Technical Cyber Security Alert TA06-005A -- Update for Microsoft Windows Metafile Vulnerability

National Cyber Alert System

Technical Cyber Security Alert TA06-005A

Update for Microsoft Windows Metafile Vulnerability

Original release date: January 5, 2006
Last revised: --
Source: US-CERT

Systems Affected

Systems running Microsoft Windows

Overview

Microsoft Security Bulletin MS06-001 contains an update to fix a vulnerability in the way Microsoft Windows handles images in the Windows Metafile (WMF) format.

I. Description

TA05-362A describes a vulnerability in the way Microsoft Windows handles Windows Metafile images. This vulnerability could allow a remote attacker to execute arbitrary code. Microsoft Security Bulletin MS06-001 contains an update to fix this vulnerability.

The vulnerability is described in further detail in VU#181038.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code if the user is persuaded to view a specially crafted Windows Metafile.

III. Solution

Apply a patch from your vendor

Install the appropriate update according to Microsoft Security Bulletin MS06-001.

Appendix A. References

Microsoft Security Bulletin MS06-001 - <http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx>
US-CERT Vulnerability Note VU#181038 - <http://www.kb.cert.org/vuls/id/181038>
US-CERT Technical Cyber Security Alert TA05-362A - <http://www.us-cert.gov/cas/techalerts/TA05-362A.html>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

January 5, 2006: Initial release

Last updated February 08, 2008

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory