HTTP: WMF Metasploit File

This signature detects Windows MetaFile (WMF) images generated by the Metasploit Framework and delivered over HTTP. Malformed WMF files can trigger a known vulnerability in several Windows versions. WMF files are generally not sent over the Internet outside the publishing industry.

Extended Description

The Microsoft Windows WMF graphics rendering engine is affected by a remote code-execution vulnerability. This issue affects the 'SetAbortProc' function. The vulnerability is triggered when a user views a malicious WMF-formatted file and the engine attempts to parse it. The issue may be exploited remotely or locally. Any remote code execution that occurs will be with the privileges of the user viewing the malicious image. An attacker may gain SYSTEM privileges if an administrator views the malicious file. Local code execution may facilitate a complete compromise.

Affected Products

Avaya s8100_media_servers, Avaya definityone_media_servers

Short Name
HTTP:STC:IMG:WMF-METASPLOIT
Severity
Critical
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2005-4560 File Metasploit WMF bid:16074
Release Date
01/03/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3727
False Positive
Rarely
Vendors

Microsoft

Ibm

Gentoo

Avaya

Xnview

Irfanview

Nortel_networks

Debian

Wine

CVSS Score

7.5
