GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Fri Jan 13, 2006 7:26 am Post subject: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulne |
 |
|
Gentoo Linux Security Advisory
Title: Wine: Windows Metafile SETABORTPROC vulnerability (GLSA 200601-09)
Severity: normal
Exploitable: remote
Date: January 13, 2006
Updated: February 26, 2007
Bug(s): #118101
ID: 200601-09
Synopsis
There is a flaw in Wine in the handling of Windows Metafiles (WMF) files, which could possibly result in the execution of arbitrary code.
Background
Wine is a free implementation of Windows APIs for Unix-like systems.
Affected Packages
Package: app-emulation/wine
Vulnerable: < 20060000
Vulnerable: > 20040000
Unaffected: >= 0.9
Architectures: All supported architectures
Description
H D Moore discovered that Wine implements the insecure-by-design SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.
Impact
An attacker could entice a user to open a specially crafted Windows Metafile (WMF) file from within a Wine executed Windows application, possibly resulting in the execution of arbitrary code with the rights of the user running Wine.
Workaround
There is no known workaround at this time.
Resolution
All Wine users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/wine-0.9.0" |
References
CVE-2006-0106
Last edited by GLSA on Wed Feb 28, 2007 4:17 am; edited 4 times in total |
|
News & Announcements
