ID CVE-2005-0803
Summary The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:-:advanced_server
  • cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
  • cpe:2.3:o:microsoft:windows_2000:-:professional
  • cpe:2.3:o:microsoft:windows_2000:-:server
  • Microsoft Windows 2000 Advanced Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:datacenter_server
  • Microsoft Windows 2000 Professional SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:professional
  • Microsoft Windows 2000 Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:server
  • Microsoft Windows 2000 Advanced Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:datacenter_server
  • Microsoft Windows 2000 Professional SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:professional
  • Microsoft Windows 2000 Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:server
  • Microsoft Windows 2000 Advanced Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:datacenter_server
  • Microsoft Windows 2000 Professional SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:professional
  • Microsoft Windows 2000 Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:server
  • Microsoft Windows 2000 Advanced Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:datacenter_server
  • Microsoft Windows 2000 Professional SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:professional
  • Microsoft Windows 2000 Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:server
CVSS
Base: 5.0 (as of 10-06-2005 - 18:38)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
exploit-db via4
  • description MS Windows Metafile (mtNoObjects) Denial of Service Exploit (MS05-053). CVE-2005-0803,CVE-2005-2123,CVE-2005-2124. Dos exploit for windows platform
    id EDB-ID:1346
    last seen 2016-01-31
    modified 2005-11-30
    published 2005-11-30
    reporter Winny Thomas
    source https://www.exploit-db.com/download/1346/
    title Microsoft Windows Metafile - mtNoObjects Denial of Service Exploit MS05-053
  • description Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial Of Service Vulnerability. CVE-2005-0803. Dos exploit for windows platform
    id EDB-ID:25231
    last seen 2016-02-03
    modified 2005-03-17
    published 2005-03-17
    reporter Hongzhen Zhou
    source https://www.exploit-db.com/download/25231/
    title Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS05-053.NASL
description The remote host contains a version of Microsoft Windows missing a critical security update to fix several vulnerabilities in the Graphic Rendering Engine, and in the way Windows handles Metafiles. An attacker could exploit these flaws to execute arbitrary code on the remote host by sending a specially crafted Windows Metafile (WMF) or Enhanced Metafile (EMF) to a victim on the remote host. When viewing the malformed file, a buffer overflow condition occurs that may allow the execution of arbitrary code with the privileges of the user.
last seen 2019-02-21
modified 2018-11-15
plugin id 20172
published 2005-11-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=20172
title MS05-053: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
oval via4
  • accepted 2011-05-16T04:00:20.804-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1121
    status accepted
    submitted 2005-11-09T12:00:00.000-04:00
    title EMF Rendering Denial of Service Vulnerability (32-bit Windows XP,SP2)
    version 69
  • accepted 2011-05-16T04:00:25.704-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1152
    status accepted
    submitted 2005-11-09T12:00:00.000-04:00
    title EMF Rendering Denial of Service Vulnerability (32-bit Windows XP,SP1)
    version 68
  • accepted 2011-05-16T04:00:34.254-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1215
    status accepted
    submitted 2005-11-09T12:00:00.000-04:00
    title EMF Rendering Denial of Service Vulnerability (64-bit Windows XP and Server 2003,SP1)
    version 68
  • accepted 2011-05-16T04:00:39.048-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Anna Min
      organization BigFix, Inc
    • name Mike Lah
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1240
    status accepted
    submitted 2005-11-09T12:00:00.000-04:00
    title EMF Rendering Denial of Service Vulnerability (Windows 2000)
    version 70
  • accepted 2011-05-16T04:03:19.838-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
    family windows
    id oval:org.mitre.oval:def:671
    status accepted
    submitted 2005-11-09T12:00:00.000-04:00
    title EMF Rendering Denial of Service Vulnerability (64-bit Windows XP and Server 2003,Unpatched)
    version 69
refmap via4
bid 12834
bugtraq 20050317 Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability
cert TA05-312A
cert-vn VU#134756
confirm http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf
ms MS05-053
osvdb 20580
sectrack 1015168
secunia
  • 14631
  • 17223
  • 17461
vupen ADV-2005-2348
xf win-2000-gdi32dll-dos(19727)
Last major update 17-10-2016 - 23:14
Published 02-05-2005 - 00:00
Last modified 12-10-2018 - 17:36