-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-005A Update for Microsoft Windows Metafile Vulnerability Original release date: January 5, 2006 Last revised: -- Source: US-CERT Systems Affected * Systems running Microsoft Windows Overview Microsoft Security Bulletin MS06-001 contains an update to fix a vulnerability in the way Microsoft Windows handles images in the Windows Metafile (WMF) format. I. Description TA05-362A describes a vulnerability in the way Microsoft Windows handles Windows Metafile images. This vulnerability could allow a remote attacker to execute arbitrary code. Microsoft Security Bulletin MS06-001 contains an update to fix this vulnerability. The vulnerability is described in further detail in VU#181038. II. Impact A remote, unauthenticated attacker may be able to execute arbitrary code if the user is persuaded to view a specially crafted Windows Metafile. III. Solution Apply a patch from your vendor Install the appropriate update according to Microsoft Security Bulletin MS06-001. Appendix A. References * Microsoft Security Bulletin MS06-001 - <http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx> * US-CERT Vulnerability Note VU#181038 - <http://www.kb.cert.org/vuls/id/181038> * US-CERT Technical Cyber Security Alert TA05-362A - <http://www.us-cert.gov/cas/techalerts/TA05-362A.html> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-005A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@xxxxxxxx> with "TA06-005A Feedback VU#181038" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 5, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ72ZA30pj593lg50AQLAqgf/Wwj2V0SfgA61RdAw1H8GxAaWjb3Hsuix 8DMAcZv8yITiZLkt2JD/d1piq28v0o23g0TR2I2F5sj+8GsfkmYGLOGkoqYJ4v+0 8yD3JZIxwcR+OJlA29HZebBHUNR00QBUQEb369QK9mntVqUZ/XKGiW05mQPODwhr rFJQy3hB54evEGltScn4wTzzEB2YsSShKlBCAPOVLocLUNIZ1X60n234fe0YLABK IUpDp6g/CrDmQ3fQYLfBGQQD462NIdccYzeYNARCOSR77dHbPYAiMvNQiiJSvrEp 4Iz2Gkm0T+jA9o4SgmkuYOtA/+3XaWXDgUP3d6Kwfo4cm9LzciF+vQ== =GfKm -----END PGP SIGNATURE-----