Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
Advisory | Patch | Confirmed | Link |
---|---|---|---|
win-gre-wmf-code-execution(26815) | |||
MS06-026 | |||
ADV-2006-2324 | |||
TA06-164A | |||
18322 | |||
20060613 SYMSA-2006-004: Vulnerability in Graphics Rende... | |||
VU#909508 | |||
1016286 | |||
1094 |