[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

251139

 
 

909

 
 

196159

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-4071Date: (C)2006-08-09   (M)2023-12-22


Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SREASON-1353
BID-19365
http://www.securityfocus.com/archive/1/archive/1/442426/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/442420/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/456585/100/0/threaded
SECUNIA-21377
BID-21992
EXPLOIT-DB-3111
ADV-2006-3180
http://determina.blogspot.com/2007/01/whats-wrong-with-wmf.html
windows-wmf-gdi32-dos(28281)

CPE    3
cpe:/o:microsoft:windows_xp::sp1:tablet_pc
cpe:/o:microsoft:windows_xp::gold
cpe:/o:microsoft:windows_xp::sp2:tablet_pc

© SecPod Technologies