Dan
01-05-2006, 17:23
National Cyber Alert System
Technical Cyber Security Alert TA06-005A
Update for Microsoft Windows Metafile Vulnerability
Original release date: January 5, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Systems running Microsoft Windows
Overview
Microsoft Security Bulletin MS06-001 contains an update to fix a
vulnerability in the way Microsoft Windows handles images in the
Windows Metafile (WMF) format.
I. Description
TA05-362A describes a vulnerability in the way Microsoft Windows
handles Windows Metafile images. This vulnerability could allow a
remote attacker to execute arbitrary code. Microsoft Security Bulletin
MS06-001 contains an update to fix this vulnerability.
The vulnerability is described in further detail in VU#181038.
II. Impact
A remote, unauthenticated attacker may be able to execute arbitrary
code if the user is persuaded to view a specially crafted Windows
Metafile.
III. Solution
Apply a patch from your vendor
Install the appropriate update according to Microsoft Security
Bulletin MS06-001.
Appendix A. References
* Microsoft Security Bulletin MS06-001 -
<http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx>
* US-CERT Vulnerability Note VU#181038 -
<http://www.kb.cert.org/vuls/id/181038>
* US-CERT Technical Cyber Security Alert TA05-362A -
<http://www.us-cert.gov/cas/techalerts/TA05-362A.html>
__________________________________________________ __________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-005A.html>
__________________________________________________ __________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA06-005A Feedback VU#181038" in the
subject.
__________________________________________________ __________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
__________________________________________________ __________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
__________________________________________________ __________________
Revision History
January 5, 2006: Initial release
Technical Cyber Security Alert TA06-005A
Update for Microsoft Windows Metafile Vulnerability
Original release date: January 5, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Systems running Microsoft Windows
Overview
Microsoft Security Bulletin MS06-001 contains an update to fix a
vulnerability in the way Microsoft Windows handles images in the
Windows Metafile (WMF) format.
I. Description
TA05-362A describes a vulnerability in the way Microsoft Windows
handles Windows Metafile images. This vulnerability could allow a
remote attacker to execute arbitrary code. Microsoft Security Bulletin
MS06-001 contains an update to fix this vulnerability.
The vulnerability is described in further detail in VU#181038.
II. Impact
A remote, unauthenticated attacker may be able to execute arbitrary
code if the user is persuaded to view a specially crafted Windows
Metafile.
III. Solution
Apply a patch from your vendor
Install the appropriate update according to Microsoft Security
Bulletin MS06-001.
Appendix A. References
* Microsoft Security Bulletin MS06-001 -
<http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx>
* US-CERT Vulnerability Note VU#181038 -
<http://www.kb.cert.org/vuls/id/181038>
* US-CERT Technical Cyber Security Alert TA05-362A -
<http://www.us-cert.gov/cas/techalerts/TA05-362A.html>
__________________________________________________ __________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-005A.html>
__________________________________________________ __________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA06-005A Feedback VU#181038" in the
subject.
__________________________________________________ __________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
__________________________________________________ __________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
__________________________________________________ __________________
Revision History
January 5, 2006: Initial release