Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2005-4560

Disclosure Date: December 28, 2005 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution

Description

The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

microsoft

Products

Weaknesses

CWE-20

Metasploit Modules

Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb)

References

Canonical

CVE-2005-4560 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4560)

BID-16074 (http://www.securityfocus.com/bid/16074)

Advisory

20051228 Re: Is this a new exploit? (http://www.securityfocus.com/archive/1/420367/100/0/threaded)

20051228 WMF Exploit (http://www.securityfocus.com/archive/1/420378/100/0/threaded)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1492

20051228 RE: [Full-disclosure] Someone wasted a nice bug on spyware... (http://www.securityfocus.com/archive/1/420357/100/0/threaded)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1564

SECUNIA-18255 (http://secunia.com/advisories/18255)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1612

ADV-2005-3086 (http://www.vupen.com/english/advisories/2005/3086)

SECTRACK-1015416 (http://securitytracker.com/id?1015416)

20051227 Exploitation of Windows WMF on the web (http://www.securityfocus.com/archive/1/420351/100/0/threaded)

20051229 WMF exploit (http://www.securityfocus.com/archive/1/420446/100/0/threaded)

XF-win-wmf-execute-code(23846) (https://exchange.xforce.ibmcloud.com/vulnerabilities/23846)

SECUNIA-18364 (http://secunia.com/advisories/18364)

20060104 Another WMF exploit workaround (http://www.securityfocus.com/archive/1/420773/100/0/threaded)

SECUNIA-18415 (http://secunia.com/advisories/18415)

20060101 Re: RE: WMF Exploit (http://www.securityfocus.com/archive/1/420664/30/7730/threaded)

20060103 Re: [funsec] WMF round-up, updates and de-mystification (http://www.securityfocus.com/archive/1/420687/100/0/threaded)

20060103 WMF round-up, updates and de-mystification (http://www.securityfocus.com/archive/1/420682/100/0/threaded)

SECUNIA-18311 (http://secunia.com/advisories/18311)

TA05-362A (http://www.us-cert.gov/cas/techalerts/TA05-362A.html)

20051229 RE: WMF Exploit (http://www.securityfocus.com/archive/1/420546/30/7730/threaded)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1431

20051227 Is this a new exploit? (http://www.securityfocus.com/archive/1/420288/100/0/threaded)

VU#181038 (http://www.kb.cert.org/vuls/id/181038)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1460

MS06-001 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-001)

20060103 WMF SETABORTPROC exploit (http://www.securityfocus.com/archive/1/420684/100/0/threaded)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1433

TA06-005A (http://www.us-cert.gov/cas/techalerts/TA06-005A.html)

Miscellaneous

http://vil.mcafeesecurity.com/vil/content/v_137760.htm

http://www.f-secure.com/weblog/archives/archive-122005.html#00000753

http://linuxbox.org/pipermail/funsec/2006-January/002455.html

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375341

http://support.avaya.com/elmodocs2/security/ASA-2006-001.htm

http://www.microsoft.com/technet/security/advisory/912840.mspx

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420

Rapid7

Technical Analysis