US-CERT Technical Cyber Security Alert TA06-005A -- Update for Microsoft Windows Metafile Vulnerability

06/01/06, US-CERT Technical Cyber Security Alert TA06-005A -- Update for Microsoft Windows Metafile Vulnerability
From: CERT Advisory <cert-advisory@cert.org>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: cert-advisory@cert.org
Subject: US-CERT Technical Cyber Security Alert TA06-005A -- Update for Microsoft Windows Metafile Vulnerability
From: CERT Advisory <cert-advisory@cert.org>
Date: Thu, 5 Jan 2006 17:13:12 -0500
List-archive: <http://www.cert.org/>
List-help: <http://www.cert.org/>, <mailto:Majordomo@cert.org?body=help>
List-owner: <mailto:cert-advisory-owner@cert.org>
List-post: NO (posting not allowed on this list)
List-unsubscribe: <mailto:Majordomo@cert.org?body=unsubscribe%20cert-advisory>
Organization: CERT(R) Coordination Center - +1 412-268-7090

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                        National Cyber Alert System

                 Technical Cyber Security Alert TA06-005A


Update for Microsoft Windows Metafile Vulnerability

   Original release date: January 5, 2006
   Last revised: --
   Source: US-CERT


Systems Affected

     * Systems running Microsoft Windows


Overview

   Microsoft Security Bulletin MS06-001 contains an update to fix a
   vulnerability in the way Microsoft Windows handles images in the
   Windows Metafile (WMF) format.


I. Description

   TA05-362A describes a vulnerability in the way Microsoft Windows
   handles Windows Metafile images. This vulnerability could allow a
   remote attacker to execute arbitrary code. Microsoft Security Bulletin
   MS06-001 contains an update to fix this vulnerability.

   The vulnerability is described in further detail in VU#181038.


II. Impact

   A remote, unauthenticated attacker may be able to execute arbitrary
   code if the user is persuaded to view a specially crafted Windows
   Metafile.


III. Solution

Apply a patch from your vendor

   Install the appropriate update according to Microsoft Security
   Bulletin MS06-001.


Appendix A. References

     * Microsoft Security Bulletin MS06-001 -
       <http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx>

     * US-CERT Vulnerability Note VU#181038 -
       <http://www.kb.cert.org/vuls/id/181038>

     * US-CERT Technical Cyber Security Alert TA05-362A -
       <http://www.us-cert.gov/cas/techalerts/TA05-362A.html>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA06-005A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA06-005A Feedback VU#181038" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2006 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________



Revision History

   January 5, 2006: Initial release



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQ72ZA30pj593lg50AQLAqgf/Wwj2V0SfgA61RdAw1H8GxAaWjb3Hsuix
8DMAcZv8yITiZLkt2JD/d1piq28v0o23g0TR2I2F5sj+8GsfkmYGLOGkoqYJ4v+0
8yD3JZIxwcR+OJlA29HZebBHUNR00QBUQEb369QK9mntVqUZ/XKGiW05mQPODwhr
rFJQy3hB54evEGltScn4wTzzEB2YsSShKlBCAPOVLocLUNIZ1X60n234fe0YLABK
IUpDp6g/CrDmQ3fQYLfBGQQD462NIdccYzeYNARCOSR77dHbPYAiMvNQiiJSvrEp
4Iz2Gkm0T+jA9o4SgmkuYOtA/+3XaWXDgUP3d6Kwfo4cm9LzciF+vQ==
=GfKm
-----END PGP SIGNATURE-----

Next message sorted by date: US-CERT Technical Cyber Security Alert TA06-010A -- Microsoft Windows, Outlook, and Exchange Vulnerabilities
Next message by thread: US-CERT Technical Cyber Security Alert TA06-010A -- Microsoft Windows, Outlook, and Exchange Vulnerabilities
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Jan 2006