Vulnerability Details : CVE-2003-0906
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2003-0906
Probability of exploitation activity in the next 30 days: 10.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2003-0906
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
[email protected] |
References for CVE-2003-0906
-
http://www.securityfocus.com/bid/10120
-
http://www.kb.cert.org/vuls/id/547028
Patch;Third Party Advisory;US Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1064
-
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Third Party Advisory;US Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A959
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A897
Products affected by CVE-2003-0906
- cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*