Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| win-gre-wmf-code-execution(26815) | |||
| MS06-026 | |||
| ADV-2006-2324 | |||
| TA06-164A | |||
| 18322 | |||
| 20060613 SYMSA-2006-004: Vulnerability in Graphics Rende... | |||
| VU#909508 | |||
| 1016286 | |||
| 1094 |