Signature Detail

HTTP: Microsoft Windows Explorer WMF File Denial of Service

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Explorer. A successful attack can result in a denial-of-service condition.

Extended Description

Microsoft Windows Explorer is prone to a denial-of-service vulnerability. A remote attacker may exploit this vulnerability by presenting a malicious file to a victim user and enticing them to open it with the vulnerable application. Users that simply browse folders containing the malicious file will also trigger this issue. A successful exploit will crash the vulnerable application, effectively denying service. This issue may be related to BID 19365: Microsoft Windows GDI32.DLL WMF Remote Denial of Service Vulnerability.

Affected Products

• Microsoft Windows Explorer
• Microsoft Windows XP
• Microsoft Windows XP 64-bit Edition SP1
• Microsoft Windows XP 64-bit Edition
• Microsoft Windows XP 64-bit Edition Version 2003 SP1
• Microsoft Windows XP 64-bit Edition Version 2003
• Microsoft Windows XP Gold
• Microsoft Windows XP Home SP1
• Microsoft Windows XP Home SP2
• Microsoft Windows XP Home
• Microsoft Windows XP Media Center Edition SP1
• Microsoft Windows XP Media Center Edition SP2
• Microsoft Windows XP Media Center Edition
• Microsoft Windows XP Professional SP1
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Professional
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows XP Tablet PC Edition SP1
• Microsoft Windows XP Tablet PC Edition SP2
• Microsoft Windows XP Tablet PC Edition

References

• BugTraq: 21992
• CVE: CVE-2006-4071