Integer Overflow Vulnerability in Graphics Rendering Engine of Microsoft Windows Products
CVE-2006-2376

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 98se; Windows Me; Windows 98
Vendor: CVE Published:; 13 June 2006

Summary

The Graphics Rendering Engine in Microsoft Windows 98 and Me contains an integer overflow vulnerability within the PolyPolygon function. This flaw enables remote attackers to potentially execute arbitrary code by manipulating a specially crafted Windows Metafile (WMF) or Enhanced Metafile (EMF) image. The exploit involves a specific condition where the sum of the entries in the vertex counts array and the number of polygons leads to a heap-based buffer overflow, allowing unauthorized actions on the affected system.

References

http://securityreason.com/securityalert/1094

third-party-advisoryx_refsource_SREASON

http://www.vupen.com/english/advisories/2006/2324

vdb-entryx_refsource_VUPEN

http://www.osvdb.org/26431

vdb-entryx_refsource_OSVDB

EPSS Score

60% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 13, 2006
Vulnerability Reserved
May 15, 2006