Microsoft Windows Graphics Rendering Engine WMF SetAbortProc Code Execution Vulnerability

Solution:

Please see the referenced advisories for more information:

- Microsoft has released a security advisory (Microsoft Security Advisory (912840)) confirming this issue. The referenced advisory contains information about workarounds; the vendor plans to release updates in the near future.
- Microsoft has released a security advisory (Microsoft Security Bulletin MS06-001) to address this issue for supported operating systems. Reports indicate that users who have disabled Microsoft Windows Picture and Fax Viewer by deregistering 'shimgvw.dll' may have to register it manually after applying fixes released by Microsoft. Please see the Workaround section for instructions on registering 'shimgvw.dll'.
- Avaya has released advisory ASA-2006-001 to identify vulnerable Avaya products. Avaya recommends installing Microsoft fixes to address this issue on affected computers.
- Gentoo Linux has released advisory GLSA 200601-09 to address this issue in Wine. Users of affected packages should execute the following commands with superuser privileges:

emerge --sync
emerge --ask --oneshot --verbose ">=app-emulation/wine-20050930"

- Nortel Networks has released a security advisory to address this issue in various products.
- Microsoft has released patches to address this issue in Microsoft Windows Vista Beta 1 and Windows Vista December CTP (Community Technology Preview). See fixes for the Windows Vista December CTP (Community Technology Preview) patch. Users are advised to contact Microsoft for the Windows Vista Beta 1 patch.
- Gentoo has released advisory GLSA 200601-09:02 to replace fixes that were released as part of the Gentoo advisory 200601-09. The fixes released in the previous advisory did not properly address this issue. Please see the referenced advisory for more information. All Wine users should re-emerge Wine by carrying out the following commands:

emerge --sync
emerge --ask --oneshot --verbose ">=app-emulation/wine-0.9.0"

- Debian has released advisory DSA 954-1 to address this issue in Wine. Please see the referenced advisory for more information.


Microsoft Windows Server 2003 Datacenter Edition SP1

Microsoft Windows XP Media Center Edition SP1

Microsoft Windows XP Tablet PC Edition SP2

Microsoft Windows Server 2003 Standard Edition SP1

Microsoft Windows Server 2003 Standard Edition

Microsoft Windows Server 2003 Enterprise x64 Edition

Microsoft Windows Server 2003 Datacenter Edition Itanium 0

Microsoft Windows Server 2003 Enterprise Edition SP1

Microsoft Windows Vista December CTP

Microsoft Windows Server 2003 Datacenter Edition

Microsoft Windows 2000 Advanced Server SP4

Microsoft Windows XP Home SP1

Microsoft Windows XP Professional x64 Edition

Microsoft Windows Server 2003 Datacenter Edition Itanium SP1

Microsoft Windows Server 2003 Standard x64 Edition


 

Privacy Statement
Copyright 2010, SecurityFocus