HTTP: Malformed EMF Tag
This signature detects malformed EMF files. EMF files are used by Microsoft for image portability between different types of devices. There is a known vulnerability in the GDI parser that handles EMF files; attackers can entice a user to open a malformed file, which can allow the attacker to take control of the user's machine as the System user.
Extended Description
Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
Affected Products
Microsoft windows_2000
Short Name
HTTP:STC:IMG:MALFORMED-EMF-TAG
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-2123 EMF Malformed Tag bid:15352
Release Date
09/10/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5