HTTP: EMF File Download
This signature detects Windows Enhanced MetaFile (EMF) images being downloaded via HTTP. Reported vulnerabilities in Windows 2000, XP, and 2003 GDI systems make this a hazardous file to download. EMF files are generally not sent over the Internet unless used by a publishing or printing company. Hits on this entry by typical companies are extremely suspicious and should be investigated.
Extended Description
Microsoft Windows WMF/EMF graphics rendering engine is affected by a remote code execution vulnerability. The problem presents itself when a user views a malicious WMF or EMF formatted file causing the affected engine to attempt to parse it. Exploitation of this issue can trigger an integer overflow that may facilitate heap memory corruption and arbitrary code execution. Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine. Successful exploitation can facilitate a remote compromise or local privilege escalation.
Affected Products
Avaya s8100_media_servers,Microsoft windows_xp_media_center_edition
References
BugTraq: 15352
CVE: CVE-2005-2123
URL: http://www.skynet.ie/~caolan/publink/libwmf/libwmf/doc/ora-wmf.html
Short Name
HTTP:STC:IMG:EMF-DOWNLOAD
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2005-2123 Download EMF File bid:15352
Release Date
11/08/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
7.5