|
|
Family: Windows : Microsoft Bulletins --> Category: infos
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (912919) Vulnerability Scan
Vulnerability Scan Summary
Acertains the presence of update 912919
Detailed Explanation for this Vulnerability Test
Synopsis :
Arbitrary code can be executed on the remote host by sending a malformed file
to a victim.
Description :
The remote host contains a version of Microsoft Windows is missing a critical
security update which fixes several vulnerabilities in the Graphic Rendering
Engine, and in the way Windows handles Metafiles.
A possible hacker may exploit these flaws to execute arbitrary code on the remote
host. To exploit this flaw, a possible hacker would need to send a specially
crafted Windows Metafile (WMF) to a user on the remote host, or lure him
into visiting a rogue website containing such a file.
Solution :
Microsoft has released a set of patches for Windows 2000, XP SP2 and 2003 :
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
