| ID |
CVE-2006-0106
|
| Summary |
gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:wine:wine:0.9.2
cpe:2.3:a:wine:wine:0.9.2
-
cpe:2.3:a:wine:wine:0.9.4
cpe:2.3:a:wine:wine:0.9.4
-
cpe:2.3:a:wine:wine:0.9.5
cpe:2.3:a:wine:wine:0.9.5
-
cpe:2.3:a:wine:wine:2005-09-30
cpe:2.3:a:wine:wine:2005-09-30
|
| CVSS |
| Base: | 7.5 (as of 11-01-2006 - 09:45) |
| Impact: | |
| Exploitability: | |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| nessus
via4
|
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-200601-09.NASL | | description | The remote host is affected by the vulnerability described in GLSA-200601-09 (Wine: Windows Metafile SETABORTPROC vulnerability)
H D Moore discovered that Wine implements the insecure-by-design SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.
Impact :
An attacker could entice a user to open a specially crafted Windows Metafile (WMF) file from within a Wine executed Windows application, possibly resulting in the execution of arbitrary code with the rights of the user running Wine.
Workaround :
There is no known workaround at this time. | | last seen | 2019-02-21 | | modified | 2018-08-10 | | plugin id | 20419 | | published | 2006-01-15 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id;=20419 | | title | GLSA-200601-09 : Wine: Windows Metafile SETABORTPROC vulnerability |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRAKE_MDKSA-2006-014.NASL | | description | A vulnerability was discovered by H D Moore in Wine which implements the SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.
This could be abused by an attacker who is able to entice a user to open a specially crafted WMF file from within a Wine-execute Windows application, possibly resulting in the execution of arbitrary code with the privileges of the user runing Wine.
The updated packages have been patched to correct these problems. | | last seen | 2019-02-21 | | modified | 2018-07-19 | | plugin id | 20793 | | published | 2006-01-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id;=20793 | | title | Mandrake Linux Security Advisory : wine (MDKSA-2006:014) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-954.NASL | | description | H D Moore has discovered that Wine, a free implementation of the Microsoft Windows APIs, inherits a design flaw from the Windows GDI API, which may lead to the execution of code through GDI escape functions in WMF files.
The old stable distribution (woody) does not seem to be affected by this problem. | | last seen | 2019-02-21 | | modified | 2018-08-10 | | plugin id | 22820 | | published | 2006-10-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id;=22820 | | title | Debian DSA-954-1 : wine - design flaw |
|
| refmap
via4
|
| bugtraq | 20060117 ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability | | debian | DSA-954 | | gentoo | GLSA-200601-09 | | mandriva | MDKSA-2006:014 | | misc | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197 | | mlist | [Dailydave] 20060105 WMF goes away :< | | secunia | | | suse | SUSE-SR:2006:002 | | vupen | ADV-2006-0098 | | xf | win-wmf-execute-code(23846) |
|
| Last major update |
07-03-2011 - 21:29 |
| Published |
06-01-2006 - 13:03 |
| Last modified |
19-10-2018 - 11:42 |
