// For flags

CVE-2005-4560

Microsoft Windows XP/Vista/2003 - Metafile Escape() SetAbortProc Code Execution (MS06-001)

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-12-28 CVE Reserved
  • 2005-12-28 CVE Published
  • 2010-09-20 First Exploit
  • 2024-04-18 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (39)
URL Tag Source
http://linuxbox.org/pipermail/funsec/2006-January/002455.html X_refsource_misc
http://www.kb.cert.org/vuls/id/181038 Third Party Advisory
http://www.securityfocus.com/archive/1/420288/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/420351/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/420357/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/420367/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/420378/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/420446/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/420546/30/7730/threaded Mailing List
http://www.securityfocus.com/archive/1/420664/30/7730/threaded Mailing List
http://www.securityfocus.com/archive/1/420682/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/420684/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/420687/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/420773/100/0/threaded Mailing List
http://www.us-cert.gov/cas/techalerts/TA05-362A.html Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA06-005A.html Third Party Advisory
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375341 X_refsource_misc
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/23846 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1431 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1433 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1460 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1492 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1564 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1612 Signature
http://wvware.sourceforge.net/caolan/ora-wmf.html
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
enterprise
Search vendor "Microsoft" for product "Windows 2003 Server" and version "enterprise"
64-bit
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
enterprise
Search vendor "Microsoft" for product "Windows 2003 Server" and version "enterprise"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
r2
Search vendor "Microsoft" for product "Windows 2003 Server" and version "r2"
64-bit
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
r2
Search vendor "Microsoft" for product "Windows 2003 Server" and version "r2"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
standard
Search vendor "Microsoft" for product "Windows 2003 Server" and version "standard"
64-bit
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
standard
Search vendor "Microsoft" for product "Windows 2003 Server" and version "standard"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
web
Search vendor "Microsoft" for product "Windows 2003 Server" and version "web"
-
Affected
Microsoft
Search vendor "Microsoft"
Windows 2003 Server
Search vendor "Microsoft" for product "Windows 2003 Server"
web
Search vendor "Microsoft" for product "Windows 2003 Server" and version "web"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*home
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*media_center
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*gold, professional
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp1, home
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp1, media_center
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2, home
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2, media_center
Affected
Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2, tablet_pc
Affected