MS06-001: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (912919)

NASLDB: MS06-001: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (912919)

General

ID: 20382
Name: MS06-001: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (912919)

Summary: Determines the presence of update 912919

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Port: 139
Family: Windows : Microsoft Bulletins
Type: Local

Description

The remote host contains a version of Microsoft Windows that is
missing a critical security update that fixes several vulnerabilities
in the Graphic Rendering Engine, and in the way Windows handles
Metafiles.

An attacker could exploit these flaws to execute arbitrary code on the
remote host. To exploit this flaw, an attacker would need to send a
specially crafted Windows Metafile (WMF) to a user on the remote host,
or lure him into visiting a rogue website containing such a file.

Exploiting

Exploit Available: True
Exploitability Ease: Exploits are available

Sources

CVE: CVE-2005-4560
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2005/12/27
Patch Release: 2006/01/05
Plugin Release: 2006/01/05

Plugin

Version: 1.28
Filename: smb_nt_ms06-001.nasl
Filesize: 4284 bytes
MD5 Hash: 6868115d8ea5607ca451a04e49eeebcd

Identification: Host/patch_management_checks
Require Keys: SMB/MS_Bulletin_Checks/Possible
Dependencies: "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"

Letzte Plugins

Letzte Plugins

scip AG