U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (TA06-005A)

Update for Microsoft Windows Metafile Vulnerability

Original release date: January 05, 2006

Systems Affected

  • Systems running Microsoft Windows

Overview

Microsoft Security Bulletin MS06-001 contains an update to fix a vulnerability in the way Microsoft Windows handles images in the Windows Metafile (WMF) format.

Description

TA05-362A describes a vulnerability in the way Microsoft Windows handles Windows Metafile images. This vulnerability could allow a remote attacker to execute arbitrary code. Microsoft Security Bulletin MS06-001 contains an update to fix this vulnerability.

The vulnerability is described in further detail in VU#181038.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code if the user is persuaded to view a specially crafted Windows Metafile.

Solution

Apply a patch from your vendor

Install the appropriate update according to Microsoft Security Bulletin MS06-001.


Appendix A. References


Feedback can be directed to US-CERT.

Revision History

  • January 5, 2006: Initial release

    Last updated

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top