VulDB: Microsoft Windows 2000 Metafile WMF/EMF Handler buffer overflow
General
scipID: 603
Affected: Microsoft Windows 2000
Published: 04/13/2004
Risk: 
critical
Entry: 95.4% complete
Created: 04/14/2004
Updated: 09/03/2012
Summary
A vulnerability, which was classified as critical, was found in Microsoft Windows 2000. This affects an unknown function of the component Metafile WMF/EMF Handler. The manipulation with an unknown input leads to a buffer overflow vulnerability. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was presented 04/13/2004 with eEye Digital Security as MS04-011. The advisory is shared for download at microsoft.com. This vulnerability is uniquely identified as CVE-2003-0906 since 11/04/2003. It is possible to initiate the attack remotely. Technical details are unknown but an exploit is available.
The exploit is shared for download at k-otik.com.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at windowsupdate.microsoft.com. The vulnerability is also documented in the databases at OSVDB (5252), Secunia (SA11064) and SecurityFocus (BID 10120). Further details are available at eeye.com.CVSS
Base Score: 4.6 (CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: Yes
Download: k-otik.com
Countermeasures
Recommended: Patch
0-Day Time: 0 days since found
Patch: windowsupdate.microsoft.com
Timeline
11/04/2003 | CVE assigned
04/13/2004 | Advisory disclosed
04/13/2004 | OSVDB entry created
04/14/2004 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: MS04-011
Researcher: http://www.eeye.com
Company: eEye Digital Security
OSVDB: 5252
CVE: CVE-2003-0906 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 11064
SecurityFocus: 10120
Misc.: eeye.com
- Latest Entries
- Apple QuickTime DREF Atom Handler buffer overflow [CVE-2013-1017]
- Apple QuickTime H.264 Handler buffer overflow [CVE-2013-1018]
- Apple QuickTime MP3 File Handler buffer overflow [CVE-2013-0989]
- Apple QuickTime Sorenson Codec Handler buffer overflow [CVE-2013-1019]
- Apple QuickTime JPEG Handler buffer overflow [CVE-2013-1020]
- Statistics
- Archive
