Update for Microsoft Windows Metafile Vulnerability
- Systems running Microsoft Windows
Microsoft Security Bulletin MS06-001 contains an update to fix a vulnerability in the way Microsoft Windows handles images in the Windows Metafile (WMF) format.
TA05-362A describes a vulnerability in the way Microsoft Windows handles Windows Metafile images. This vulnerability could allow a remote attacker to execute arbitrary code. Microsoft Security Bulletin MS06-001 contains an update to fix this vulnerability.
The vulnerability is described in further detail in VU#181038.
A remote, unauthenticated attacker may be able to execute arbitrary code if the user is persuaded to view a specially crafted Windows Metafile.
Apply a patch from your vendor
Install the appropriate update according to Microsoft Security Bulletin MS06-001.
Appendix A. References
- Microsoft Security Bulletin MS06-001 - http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
- US-CERT Vulnerability Note VU#181038 - http://www.kb.cert.org/vuls/id/181038
- US-CERT Technical Cyber Security Alert TA05-362A - http://www.us-cert.gov/cas/techalerts/TA05-362A.html
Feedback can be directed to US-CERT.
January 5, 2006: Initial release