OSVDB ID: 26431

Title: Microsoft Windows Graphics Rendering Engine PolyPolygon Function Overflow

Info

Disclosure

Jun 13, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jul 13, 2006

Description

A remote overflow exists in Windows. The Graphics Rendering Engine fails to validate Windows Metafile images resulting in a heap overflow in the PolyPolygon function. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	98
		98 SE
		ME

References

Bugtraq ID: 18322
CVE ID: 2006-2376 (see also: NVD)
Secunia Advisory ID: 20631
Microsoft Knowledge Base Article: 918547
VUPEN Advisory: ADV-2006-2324
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0252.html
Microsoft Security Bulletin: MS06-026
Keyword: SYMSA-2006-004

Credit

Peter Ferrie - peter_ferriesymantec.com - Symantec Vulnerability Research

Direct URL: http://osvdb.org/26431

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows

References

Credit