HTTP: WMF File Download
This signature detects Windows MetaFile (WMF) images being downloaded through HTTP. Malformed WMF files can trigger a known vulnerability in several Windows versions. WMF files are generally not sent over the Internet aside from publishing industries. Networks that routinely transfer WMF files should consider not including this signature in a security policy
Extended Description
Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability. The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file. A malicious file can cause an integer overflow that may facilitate heap memory corruption and arbitrary code execution. Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine. Successful exploitation can facilitate a remote compromise or local privilege escalation.
Affected Products
Avaya s8100_media_servers,Microsoft windows_xp_media_center_edition
Short Name
HTTP:STC:IMG:WMF-DOWNLOAD
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2005-2124 Download File WMF bid:15356
Release Date
11/08/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
7.6