Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-026: Graphics Rendering Engine / Remote Code Execution
MS06 - 026 - KB 918547

** This vulnerability ONLY applies to Windows 98, 98SE, and ME (We aren't still running these, are we?).  Windows 2000, XP and beyond are not vulnerable **

This is a critical vulnerability in the Graphics Rednering Engine that allows remote code execution of the target system using specifically crafted WMF files.  When successfully exploited, the target system can be completely compromised.  This is a new vulnerability not associated with the WMF vulnerabilities from earlier this year.  An attacker can exploit this vulnerability by using a specifically crafted webpage (and getting the victim to view that page) or by sending an exploit in email (where the email reader renders images).

If you are running Windows 98, 98SE, or ME, you should upgrade your operating system to Windows 2000, XP or later.  If you cannot upgrade, this patch should be installed immediately.

John Bambenek -- University of Illinois


262 Posts
ISC Handler
Jun 13th 2006

Sign Up for Free or Log In to start participating in the conversation!