Vulnerability Details : CVE-2005-4560
Public exploit exists!
The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Vulnerability category: Input validationExecute code
Exploit prediction scoring system (EPSS) score for CVE-2005-4560
Probability of exploitation activity in the next 30 days: 97.31%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2005-4560
-
Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution
Disclosure Date: 2005-12-27First seen: 2020-04-26exploit/windows/browser/ms06_001_wmf_setabortprocThis module exploits a vulnerability in the GDI library included with Windows XP and 2003. This vulnerability uses the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. This module generates a random WMF record stream for each
CVSS scores for CVE-2005-4560
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2005-4560
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-4560
-
http://www.f-secure.com/weblog/archives/archive-122005.html#00000753
Exploit;Vendor Advisory
-
http://www.us-cert.gov/cas/techalerts/TA06-005A.html
Third Party Advisory;US Government Resource
-
http://www.us-cert.gov/cas/techalerts/TA05-362A.html
Third Party Advisory;US Government Resource
-
http://www.vupen.com/english/advisories/2005/3086
Vendor Advisory
-
http://www.microsoft.com/technet/security/advisory/912840.mspx
Vendor Advisory
-
http://www.securityfocus.com/archive/1/420773/100/0/threaded
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1460
-
http://securitytracker.com/id?1015416
Exploit
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1564
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23846
-
http://www.securityfocus.com/archive/1/420288/100/0/threaded
-
http://vil.mcafeesecurity.com/vil/content/v_137760.htm
Vendor Advisory
-
http://www.securityfocus.com/archive/1/420367/100/0/threaded
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1492
-
http://www.securityfocus.com/archive/1/420446/100/0/threaded
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1612
-
http://www.securityfocus.com/archive/1/420351/100/0/threaded
-
http://www.securityfocus.com/archive/1/420664/30/7730/threaded
-
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375341
-
http://www.securityfocus.com/archive/1/420378/100/0/threaded
-
http://www.securityfocus.com/archive/1/420357/100/0/threaded
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-001
-
http://www.securityfocus.com/archive/1/420684/100/0/threaded
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1433
-
http://linuxbox.org/pipermail/funsec/2006-January/002455.html
-
http://www.securityfocus.com/archive/1/420687/100/0/threaded
-
http://www.securityfocus.com/archive/1/420682/100/0/threaded
- http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420
-
http://www.securityfocus.com/archive/1/420546/30/7730/threaded
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1431
-
http://www.kb.cert.org/vuls/id/181038
Third Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/16074
Microsoft Windows Graphics Rendering Engine WMF SetAbortProc Code Execution VulnerabilityExploit
-
http://support.avaya.com/elmodocs2/security/ASA-2006-001.htm
Vendor Advisory
Products affected by CVE-2005-4560
- cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*