CVE-2005-2124: Buffer Overflow
First published: Tue Nov 29 2005(Updated: )
Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows Server 2003 | =64-bit | |
| Microsoft Windows Server 2003 | =itanium | |
| Microsoft Windows Server 2003 | =sp1 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows Server 2003 | =sp1 | |
| Microsoft Windows Server 2003 | =r2 | |
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.eeye.com/html/research/advisories/AD20051108b.html
- http://www.kb.cert.org/vuls/id/433341
- http://securitytracker.com/id?1015168
- http://www.eeye.com/html/research/advisories/AD20051108a.html
- http://www.securityfocus.com/bid/15356
- http://secunia.com/advisories/17498
- http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf
- http://secunia.com/advisories/17461
- http://secunia.com/advisories/17223
- http://www.us-cert.gov/cas/techalerts/TA05-312A.html
- http://securityreason.com/securityalert/161
- http://www.vupen.com/english/advisories/2005/2348
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-053
Frequently Asked Questions
What is the severity of CVE-2005-2124?
CVE-2005-2124 is classified as a critical vulnerability that can allow remote code execution.
How do I fix CVE-2005-2124?
To mitigate CVE-2005-2124, apply the latest security patches provided by Microsoft for affected operating systems.
Which operating systems are affected by CVE-2005-2124?
CVE-2005-2124 affects Windows 2000 SP4, Windows XP SP1 and SP2, and Windows Server 2003 SP1.
What type of attack is possible with CVE-2005-2124?
CVE-2005-2124 allows remote attackers to execute arbitrary code through specially crafted Windows Metafile images.
Is there a workaround for CVE-2005-2124 if I cannot apply the patch?
If unable to patch for CVE-2005-2124, consider disabling the Graphics Rendering Engine, though this may affect system functionality.
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/64-bit
- version/microsoft windows server 2003/itanium
- version/microsoft windows server 2003/sp1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp1
- version/microsoft windows server 2003/r2
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- version/microsoft windows xp/sp2