Joined: 12 May 2004
|Posted: Fri Jan 13, 2006 7:26 am Post subject: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulne
|Gentoo Linux Security Advisory
Title: Wine: Windows Metafile SETABORTPROC vulnerability (GLSA 200601-09)
Date: January 13, 2006
Updated: February 26, 2007
There is a flaw in Wine in the handling of Windows Metafiles (WMF) files, which could possibly result in the execution of arbitrary code.
Wine is a free implementation of Windows APIs for Unix-like systems.
Vulnerable: < 20060000
Vulnerable: > 20040000
Unaffected: >= 0.9
Architectures: All supported architectures
H D Moore discovered that Wine implements the insecure-by-design SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.
An attacker could entice a user to open a specially crafted Windows Metafile (WMF) file from within a Wine executed Windows application, possibly resulting in the execution of arbitrary code with the rights of the user running Wine.
There is no known workaround at this time.
All Wine users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/wine-0.9.0"
Last edited by GLSA on Wed Feb 28, 2007 4:17 am; edited 4 times in total