PT-2005-3061 · Microsoft · Windows Server 2003+3

Peter Ferrie

Published

2005-11-29

Updated

2018-10-12

CVE-2005-2124

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Windows 2000 SP4 Windows XP SP1 Windows XP SP2 Windows Server 2003 SP1

Description: The issue is related to an unspecified vulnerability in the Graphics Rendering Engine, specifically in the GDI32.DLL component, which is associated with an unchecked buffer and possibly buffer overflows. This allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image.

Recommendations: For Windows 2000 SP4, update to a version that includes the fix for this issue. For Windows XP SP1, update to a version that includes the fix for this issue. For Windows XP SP2, update to a version that includes the fix for this issue. For Windows Server 2003 SP1, update to a version that includes the fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2124

Affected Products

Gdi32.Dll

Windows 2000

Windows Server 2003

Windows Xp

PT-2005-3061 · Microsoft · Windows Server 2003+3

CVE-2005-2124

Related Identifiers

Affected Products

References · 16