CVE-2006-0020

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.01 SP4 and 5.5 SP2 Internet Explorer (affected versions not specified)

Description: The issue is related to the handling of Windows Metafile (WMF) images, which can lead to a denial of service (crash) and possibly allow code execution via a crafted WMF file. This is due to a manipulated WMF header size, possibly involving an integer overflow. An attacker could exploit this by constructing a specially crafted WMF image, potentially allowing remote code execution if a user visits a malicious website, opens or previews an email message, or opens a specially crafted attachment.

Recommendations: For Internet Explorer version 5.01 SP4, consider disabling the handling of WMF images until a patch is available. For Internet Explorer version 5.5 SP2, restrict access to WMF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.