CVE-2005-2123: Buffer Overflow
First published: Tue Nov 29 2005(Updated: )
Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2003 Server | =64-bit | |
| Microsoft Windows 2003 Server | =itanium | |
| Microsoft Windows 2003 Server | =sp1 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows 2003 Server | =sp1 | |
| Microsoft Windows 2003 Server | =r2 | |
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.eeye.com/html/research/advisories/AD20051108b.html
- http://www.kb.cert.org/vuls/id/300549
- http://www.securityfocus.com/bid/15352
- http://securitytracker.com/id?1015168
- http://secunia.com/advisories/17498
- http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf
- http://secunia.com/advisories/17461
- http://secunia.com/advisories/17223
- http://www.us-cert.gov/cas/techalerts/TA05-312A.html
- http://www.vupen.com/english/advisories/2005/2348
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A701
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1546
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1263
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1175
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1063
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-053
Frequently Asked Questions
What is the severity of CVE-2005-2123?
CVE-2005-2123 has a high severity rating due to its potential for remote code execution.
How do I fix CVE-2005-2123?
To fix CVE-2005-2123, install the latest security updates provided by Microsoft for affected Windows versions.
What systems are affected by CVE-2005-2123?
CVE-2005-2123 affects Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1.
What type of vulnerability is CVE-2005-2123?
CVE-2005-2123 is an integer overflow vulnerability in the Graphics Rendering Engine.
Can CVE-2005-2123 be exploited remotely?
Yes, attackers can exploit CVE-2005-2123 remotely through specially crafted image files.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/microsoft
- canonical/microsoft windows 2003 server
- version/microsoft windows 2003 server/64-bit
- version/microsoft windows 2003 server/itanium
- version/microsoft windows 2003 server/sp1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp1
- version/microsoft windows 2003 server/r2
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- version/microsoft windows xp/sp2