[Microsoft Alert] Microsoft Security Bulletin MS06-026

Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)

Issued: June 13, 2006

Version: 1.0

 

Summary

Who should read this document: Customers who use Microsoft Windows

 

Impact of Vulnerability: Remote Code Execution

 

Maximum Severity Rating: Critical

 

Recommendation: Customers should apply the update immediately

 

Security Update Replacement: None

 

 

Vulnerability Details:

A remote code execution vulnerability exists in the Graphics Rendering Engine because of the way that it handles Windows Metafile (WMF) images. An attacker could exploit the vulnerability by constructing a specially crafted WMF image that could potentially allow remote code execution if a user visited a malicious Web site or opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

 

 

Affected Software:

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

 

Non-Affected Software:

Microsoft Windows 2000 Service Pack 4

 

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

 

Microsoft Windows XP Professional x64 Edition

 

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

 

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

 

Microsoft Windows Server 2003 x64 Edition

---