MS06-026: Graphics Rendering Engine / Remote Code Execution

Published: 2006-06-13
Last Updated: 2006-06-13 18:03:46 UTC
by John Bambenek (Version: 1)
MS06-026 - KB 918547

** This vulnerability ONLY applies to Windows 98, 98SE, and ME (We aren't still running these, are we?).  Windows 2000, XP and beyond are not vulnerable **

This is a critical vulnerability in the Graphics Rendering Engine that allows remote code execution on the target system using specially crafted WMF files.  When successfully exploited, the target system can be completely compromised.  This is a new vulnerability not associated with the WMF vulnerabilities from earlier this year.  An attacker can exploit this vulnerability by using a specially crafted webpage (and getting the victim to view that page) or by sending an exploit in email (where the email reader renders images).

If you are running Windows 98, 98SE, or ME, you should upgrade your operating system to Windows 2000, XP or later.  If you cannot upgrade, this patch should be installed immediately.

John Bambenek -- University of Illinois

