• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows Graphics Rendering Engine WMF SetAbortProc Code Execution Vulnerability

Solution:

Please see the referenced advisories for more information:

- Microsoft has released a security advisory (Microsoft Security Advisory (912840)) confirming this issue. The referenced advisory contains information about workarounds; the vendor plans to release updates in the near future.
- Microsoft has released a security advisory (Microsoft Security Bulletin MS06-001) to address this issue for supported operating systems. Reports indicate that users who have disabled Microsoft Windows Picture and Fax Viewer by deregistering 'shimgvw.dll' may have to register it manually after applying fixes released by Microsoft. Please see the Workaround section for instructions on registering 'shimgvw.dll'.
- Avaya has released advisory ASA-2006-001 to identify vulnerable Avaya products. Avaya recommends installing Microsoft fixes to address this issue on affected computers.
- Gentoo Linux has released advisory GLSA 200601-09 to address this issue in Wine. Users of affected packages should execute the following commands with superuser privileges:

emerge --sync
emerge --ask --oneshot --verbose ">=app-emulation/wine-20050930"

- Nortel Networks has released a security advisory to address this issue in various products.
- Microsoft has released patches to address this issue in Microsoft Windows Vista Beta 1 and Windows Vista December CTP (Community Technology Preview). See fixes for the Windows Vista December CTP (Community Technology Preview) patch. Users are advised to contact Microsoft for the Windows Vista Beta 1 patch.
- Gentoo has released advisory GLSA 200601-09:02 to replace fixes that were released as part of the Gentoo advisory 200601-09. The fixes released in the previous advisory did not properly address this issue. Please see the referenced advisory for more information. All Wine users should re-emerge Wine by carrying out the following commands:

emerge --sync
emerge --ask --oneshot --verbose ">=app-emulation/wine-0.9.0"

- Debian has released advisory DSA 954-1 to address this issue in Wine. Please see the referenced advisory for more information.


Microsoft Windows Server 2003 Datacenter Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=1584AAE0-51CE -47D6-9A03-DB5B9077F1F2&displaylang=en

Microsoft Windows XP Media Center Edition SP1

• Microsoft Security Update for Windows XP (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=0C1B4C96-57AE -499E-B89B-215B7BB4D8E9&displaylang=en

Microsoft Windows XP Tablet PC Edition SP2

• Microsoft Security Update for Windows XP (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=0C1B4C96-57AE -499E-B89B-215B7BB4D8E9&displaylang=en

Microsoft Windows Server 2003 Standard Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=1584AAE0-51CE -47D6-9A03-DB5B9077F1F2&displaylang=en

Microsoft Windows Server 2003 Standard Edition

• Microsoft Security Update for Windows Server 2003 (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=1584AAE0-51CE -47D6-9A03-DB5B9077F1F2&displaylang=en

Microsoft Windows Server 2003 Enterprise x64 Edition

• Microsoft Security Update for Windows Server x64 Edition (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=A8F4DCBA-5D28 -4D9D-A6A4-3B71108CFE2D&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition Itanium 0

• Microsoft Security Update for Windows Server 2003 64-bit Itanium Edition (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=6E372D41-2C16 -415E-8306-A5CA8845CC09&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=1584AAE0-51CE -47D6-9A03-DB5B9077F1F2&displaylang=en

Microsoft Windows Vista December CTP

• Microsoft Security Update for Windows Vista December CTP (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=228f2cdc-7148 -4002-86bb-e4ade080ea86&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition

• Microsoft Security Update for Windows Server 2003 (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=1584AAE0-51CE -47D6-9A03-DB5B9077F1F2&displaylang=en

Microsoft Windows 2000 Advanced Server SP4

• Microsoft Security Update for Windows 2000 (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=AA9E27BD-CB9A -4EF1-92A3-00FFE7B2AC74&displaylang=en

Microsoft Windows XP Home SP1

• Microsoft Security Update for Windows XP (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=0C1B4C96-57AE -499E-B89B-215B7BB4D8E9&displaylang=en

Microsoft Windows XP Professional x64 Edition

• Microsoft Security Update for Windows XP x64 Edition (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=3A1166E6-5E9E -4E73-BCD4-28ECA6ECE877&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition Itanium SP1

• Microsoft Security Update for Windows Server 2003 64-bit Itanium Edition (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=6E372D41-2C16 -415E-8306-A5CA8845CC09&displaylang=en

Microsoft Windows Server 2003 Standard x64 Edition

• Microsoft Security Update for Windows Server x64 Edition (KB912919)
  http://www.microsoft.com/downloads/details.aspx?familyid=A8F4DCBA-5D28 -4D9D-A6A4-3B71108CFE2D&displaylang=en