ID CVE-2003-0906
Summary Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
CVSS
Base: 7.6 (as of 12-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2011-05-16T04:00:15.565-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
    family windows
    id oval:org.mitre.oval:def:1064
    status accepted
    submitted 2004-04-13T12:00:00.000-04:00
    title Windows XP WMF/EMF Buffer Overflow
    version 70
  • accepted 2008-03-24T04:00:53.087-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
    family windows
    id oval:org.mitre.oval:def:897
    status accepted
    submitted 2004-04-13T12:00:00.000-04:00
    title Windows NT WMF/EMF Buffer Overflow
    version 68
  • accepted 2004-05-25T12:00:00.000-04:00
    class vulnerability
    contributors
    name Andrew Buttner
    organization The MITRE Corporation
    description Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
    family windows
    id oval:org.mitre.oval:def:959
    status accepted
    submitted 2004-04-13T12:00:00.000-04:00
    title Windows 2000 WMF/EMF Buffer Overflow
    version 63
refmap via4
bid 10120
cert TA04-104A
cert-vn VU#547028
ms MS04-011
Last major update 12-10-2018 - 21:33
Published 01-06-2004 - 04:00
Back to Top