This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:EXT:METAFILE
|
Severity |
Warning
|
Recommended |
No
|
Category |
HTTP
|
Keywords |
Metafile Extension Request
|
Release Date |
2004/04/21
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Metafile Extension Request
This signature detects metafiles (files with .emf or .wmf extensions) in a Web page. Some versions of Microsoft Windows produce boundary errors when processing metafiles, enabling attackers to create a denial of service (DoS) and execute arbitrary code.
Extended Description
It has been reported that Windows may be prone to a remote buffer overflow vulnerability when rendering WMF/EMF image files. An attacker could create a malicious WMF or EMF file and entice a user to view the file via an application that supports the WMF and EMF formats. Immediate consequences of this attack may result in a denial of service condition, however, it is possible that an attacker could leverage this issue to execute arbitrary code in the context of the vulnerable user.
This issue may be similar to the vulnerabilities described in BID 9892 (Microsoft Windows XP explorer.exe Remote Denial of Service Vulnerability) and BID 9707 (Microsoft Windows XP explorer.exe Multiple Memory Corruption Vulnerabilities).
Affected Products
- Avaya definityone_media_servers
- Avaya ip600_media_servers
- Avaya s3400_message_application_server
- Avaya s8100_media_servers
- Microsoft windows_2000_advanced_server SP1
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_advanced_server SP3
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_advanced_server
- Microsoft windows_2000_datacenter_server SP1
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_datacenter_server SP3
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_datacenter_server
- Microsoft windows_2000_professional SP1
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_professional
- Microsoft windows_2000_server SP1
- Microsoft windows_2000_server SP2
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_server SP4
- Microsoft windows_2000_server
- Microsoft windows_nt 4.0 SP6a
- Microsoft windows_nt_enterprise_server 4.0
- Microsoft windows_nt_enterprise_server 4.0 SP1
- Microsoft windows_nt_enterprise_server 4.0 SP2
- Microsoft windows_nt_enterprise_server 4.0 SP3
- Microsoft windows_nt_enterprise_server 4.0 SP4
- Microsoft windows_nt_enterprise_server 4.0 SP5
- Microsoft windows_nt_enterprise_server 4.0 SP6
- Microsoft windows_nt_enterprise_server 4.0 SP6a
- Microsoft windows_nt_server 4.0
- Microsoft windows_nt_server 4.0 SP1
- Microsoft windows_nt_server 4.0 SP2
- Microsoft windows_nt_server 4.0 SP3
- Microsoft windows_nt_server 4.0 SP4
- Microsoft windows_nt_server 4.0 SP5
- Microsoft windows_nt_server 4.0 SP6
- Microsoft windows_nt_server 4.0 SP6a
- Microsoft windows_nt_terminal_server 4.0
- Microsoft windows_nt_terminal_server 4.0 SP1
- Microsoft windows_nt_terminal_server 4.0 SP2
- Microsoft windows_nt_terminal_server 4.0 SP3
- Microsoft windows_nt_terminal_server 4.0 SP4
- Microsoft windows_nt_terminal_server 4.0 SP5
- Microsoft windows_nt_terminal_server 4.0 SP6
- Microsoft windows_nt_workstation 4.0
- Microsoft windows_nt_workstation 4.0 SP1
- Microsoft windows_nt_workstation 4.0 SP2
- Microsoft windows_nt_workstation 4.0 SP3
- Microsoft windows_nt_workstation 4.0 SP4
- Microsoft windows_nt_workstation 4.0 SP5
- Microsoft windows_nt_workstation 4.0 SP6
- Microsoft windows_nt_workstation 4.0 SP6a
- Microsoft windows_xp_64-bit_edition SP1
- Microsoft windows_xp_64-bit_edition
- Microsoft windows_xp_64-bit_edition_version_2003 SP1
- Microsoft windows_xp_64-bit_edition_version_2003
- Microsoft windows_xp_embedded SP1
- Microsoft windows_xp_embedded
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_home
- Microsoft windows_xp_media_center_edition
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_professional
- Microsoft windows_xp_tablet_pc_edition SP1
References