Описание
The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
Ссылки
- Vendor Advisory
- Vendor Advisory
- US Government Resource
- Exploit
- US Government Resource
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.78075
Высокий
5 Medium
CVSS2
Дефекты
CWE-399
Связанные уязвимости
github
почти 4 года назад
The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
EPSS
Процентиль: 99%
0.78075
Высокий
5 Medium
CVSS2
Дефекты
CWE-399