About: Windows Metafile vulnerability

Property	Value
dbo:abstract	La vulnerabilidad del metarchivo de Windows, también llamada ejecución de código de imagen del metarchivo y abreviada MCE, es una vulnerabilidad de seguridad en la forma en que algunas versiones del sistema operativo Microsoft Windows manejan imágenes en el formato de metarchivo de Windows. Permite que se ejecute código arbitrario en las computadoras afectadas sin el permiso de sus usuarios. Fue descubierto el 27 de diciembre de 2005 y los primeros informes de las computadoras afectadas se anunciaron en 24 horas. Microsoft lanzó una actualización de alta prioridad para eliminar esta vulnerabilidad a través de Windows Update el 5 de enero de 2006. Los ataques que usan esta vulnerabilidad se conocen como vulnerabilidades de WMF. La vulnerabilidad se encontraba en gdi32.dll y existía en todas las versiones de Microsoft Windows desde Windows 3.0 a Windows Server 2003 R2. Sin embargo, los vectores de ataque solo existen en versiones basadas en NT de Windows (Windows NT, Windows 2000, Windows XP y Windows Server 2003). Los exploits que aprovechan la vulnerabilidad en los sistemas basados en Windows NT facilitaron la propagación de varios tipos de malware, generalmente a través de descargas directas. Debido al impacto extremo, este error ganó el Premio Pwnie 2007 por "Mass 0wnage" y "Breaking the Internet". (es) The Windows Metafile vulnerability—also called the Metafile Image Code Execution and abbreviated MICE—is a security vulnerability in the way some versions of the Microsoft Windows operating system handled images in the Windows Metafile format. It permits arbitrary code to be executed on affected computers without the permission of their users. It was discovered on December 27, 2006, and the first reports of affected computers were announced within 24 hours. Microsoft released a high-priority update to eliminate this vulnerability via Windows Update on January 5, 2007. Attacks using this vulnerability are known as WMF exploits. The vulnerability was located in gdi32.dll and existed in all versions of Microsoft Windows from Windows 3.0 to Windows Server 2003 R2. However, attack vectors only exist in NT-based versions of Windows (Windows NT, Windows 2000, Windows XP and Windows Server 2003). Exploits taking advantage of the vulnerability on Windows NT-based systems facilitated the propagation of various types of malware, typically through drive-by downloads. Due to extreme impact, this bug won the 2007 Pwnie Award for "Mass 0wnage" and "Breaking the Internet". (en) WMF文件格式漏洞是一个源于微软Windows操作系统的漏洞，被一个计算机安全邮件列表Bugtraq于2005年12月27日公开[1] （页面存档备份，存于互联网档案馆），在24小时内就成为一些恶意程序，例如间谍软件和木马程序的载体。微软于1月6日发布了针对Windows 2000和Windows XP版本中不当处理WMF函数SETABORTPROC的补丁，并且在1月16日发布了针对Windows Vista的补丁，但是其他的操作系统仍旧会受到该漏洞的威胁。该漏洞源于Windows的核心模块gdi32.dll处理WMF格式的方式，允许在计算机上不经过用户许可即执行代码。因此该漏洞成为恶意代码的载体，通常被用来暗中下载其他恶意软件。1月9日，Bugtraq报告另外两个WMF函数ExtCreateRegion和ExtEscape也有同样的漏洞，但是微软声称这两个漏洞只会造成性能问题。 (zh)
dbo:wikiPageExternalLink	http://sunbeltblog.blogspot.com/2005/12/microsoft-clarifies-dep-issue.html http://www.hexblog.com/2006/01/wmf_vulnerability_checker.html http://www.icewalkers.com/Linux/Software/5400/libwmf.html http://www.nod32.ch/en/download/tools.php http://www.node707.com/archives/006520.shtml http://it.slashdot.org/it/06/01/02/1153244.shtml%3Ftid=201 http://msdn.microsoft.com/library/default.asp%3Furl=/library/en-us/gdi/prntspol_0883.asp http://msdn.microsoft.com/library/default.asp%3Furl=/library/en-us/gdi/prntspol_0d6b.asp https://web.archive.org/web/20060317204854/http:/blogs.zdnet.com/Ou/index.php%3Fp=146 http://isc.sans.org/diary.php%3Frss&storyid=996 http://isc.sans.org/diary.php%3Fstoryid=1010 http://isc.sans.org/diary.php%3Fstoryid=981 http://isc.sans.org/diary.php%3Fstoryid=992 http://isc.sans.org/diary.php%3Fstoryid=994 http://support.microsoft.com/%3Fkbid=272969 http://support.microsoft.com/kb/153790 http://support.microsoft.com/kb/843018 http://www.f-secure.com/weblog/archives/archive-012006.html%2300000761 http://www.f-secure.com/weblog/archives/archive-122005.html%2300000753 http://www.f-secure.com/weblog/archives/archive-122005.html%2300000756 http://blogs.securiteam.com/index.php/archives/210 http://vil.mcafeesecurity.com/vil/content/v_137760.htm http://www.grc.com/wmf/wmf.htm https://blogs.technet.microsoft.com/markrussinovich/2006/01/18/inside-the-wmf-backdoor/ http://secunia.com/advisories/18255/ http://www.metasploit.com/projects/Framework/exploits.html%23ie_xp_pfv_metafile http://www.hexblog.com/2005/12/wmf_vuln.html https://www.washingtonpost.com/wp-dyn/content/article/2005/12/29/AR2005122901456.html https://www.microsoft.com/athome/security/update/bulletins/200601_WMF.mspx https://www.microsoft.com/technet/security/Bulletin/ms06-001.mspx https://www.microsoft.com/technet/security/advisory/912840.mspx https://www.microsoft.com/technet/security/bulletin/ms08-021.mspx https://www.microsoft.com/technet/security/prodtech/windowsxp/depcnfxp.mspx https://www.pcmag.com/article2/0,2817,1907400,00.asp http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx
dbo:wikiPageID	3589914 (xsd:integer)
dbo:wikiPageLength	23120 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID	1124348754 (xsd:integer)
dbo:wikiPageWikiLink	dbr:Pwnie_Awards dbr:MD5 dbr:Third-party_software_component dbr:Return-oriented_programming dbr:Unix dbr:Unix-like dbr:Defence_in_depth dbr:Dynamic-link_library dbr:Windows_Metafile dbc:Windows_administration dbr:Compatibility_layer dbr:McAfee dbr:SANS_Institute dbr:Unofficial_patch dbr:Gibson_Research_Corporation dbr:Google_Desktop dbr:Mirror_website dbr:The_Register dbc:Computer_security_exploits dbr:Anti-virus dbr:Linux dbr:MacOS dbr:Slashdot dbr:Bifrost_(trojan_horse) dbr:Steve_Gibson_(computer_programmer) dbr:Common_Vulnerabilities_and_Exposures dbr:Emulator dbr:Software_architecture dbr:Patch_(computing) dbr:Podcast dbr:Spooling dbr:Windows_9x dbr:Washington_Post dbr:Windows_10 dbr:Windows_2000 dbr:Windows_3.0 dbr:Windows_Live_Messenger dbr:Windows_NT dbr:Windows_NT_4.0 dbr:Windows_Server_2003 dbr:Windows_XP dbr:Wine_(software) dbr:Drive-by_download dbr:Eset dbr:Data_Execution_Prevention dbr:F-Secure dbr:Firefox dbr:Bandwidth_(computing) dbr:Outlook_Express dbr:Checksum dbr:Graphics_Device_Interface dbr:Legacy_system dbr:Windows_Explorer dbr:Preview_(computing) dbr:Printing dbr:AOL_Instant_Messenger dbr:Internet_Explorer dbr:Internet_Storm_Center dbr:Backdoor_(computing) dbr:Trojan_horse_(computing) dbr:Booting dbr:Bézier_curve dbr:Freeware dbr:Windows_Server_2003_R2 dbr:Instant_messaging dbr:Metasploit_Project dbr:Microsoft dbr:Microsoft_Developer_Network dbr:Microsoft_Outlook dbr:Microsoft_Windows dbr:Opera_(web_browser) dbr:Operating_system dbr:Yahoo!_Messenger dbr:Windows_Desktop_Search dbr:Windows_Update dbr:Ilfak_Guilfanov dbr:Malware dbr:Web_cache dbr:Microsoft_Windows_Server_2003 dbr:Workaround dbr:Slashdot_effect dbr:US-CERT dbr:Sunbelt_Software dbr:E-mail_attachment dbr:Arbitrary_code dbr:Function_(computing) dbr:Vulnerability_(computer_science) dbr:Windows_NT_4 dbr:Secunia dbr:Notepad_(Windows) dbr:Payload_(software) dbr:Command_Prompt_(Windows) dbr:Security_Now! dbr:Anti-virus_software dbr:Exploit_(computer_science) dbr:NOD32 dbr:Alex_Eckelberry
dbp:wikiPageUsesTemplate	dbt:CVE dbt:Note dbt:Ref dbt:Reflist dbt:Use_mdy_dates dbt:Wikinews
dcterms:subject	dbc:Windows_administration dbc:Computer_security_exploits
rdf:type	yago:WikicatMicrosoftWindows yago:Artifact100021939 yago:Framework103391770 yago:Object100002684 yago:PhysicalEntity100001930 yago:Window104587648 yago:YagoGeoEntity yago:YagoPermanentlyLocatedEntity yago:Structure104341686 yago:SupportingStructure104361095 yago:Whole100003553
rdfs:comment	WMF文件格式漏洞是一个源于微软Windows操作系统的漏洞，被一个计算机安全邮件列表Bugtraq于2005年12月27日公开[1] （页面存档备份，存于互联网档案馆），在24小时内就成为一些恶意程序，例如间谍软件和木马程序的载体。微软于1月6日发布了针对Windows 2000和Windows XP版本中不当处理WMF函数SETABORTPROC的补丁，并且在1月16日发布了针对Windows Vista的补丁，但是其他的操作系统仍旧会受到该漏洞的威胁。该漏洞源于Windows的核心模块gdi32.dll处理WMF格式的方式，允许在计算机上不经过用户许可即执行代码。因此该漏洞成为恶意代码的载体，通常被用来暗中下载其他恶意软件。1月9日，Bugtraq报告另外两个WMF函数ExtCreateRegion和ExtEscape也有同样的漏洞，但是微软声称这两个漏洞只会造成性能问题。 (zh) La vulnerabilidad del metarchivo de Windows, también llamada ejecución de código de imagen del metarchivo y abreviada MCE, es una vulnerabilidad de seguridad en la forma en que algunas versiones del sistema operativo Microsoft Windows manejan imágenes en el formato de metarchivo de Windows. Permite que se ejecute código arbitrario en las computadoras afectadas sin el permiso de sus usuarios. Fue descubierto el 27 de diciembre de 2005 y los primeros informes de las computadoras afectadas se anunciaron en 24 horas. Microsoft lanzó una actualización de alta prioridad para eliminar esta vulnerabilidad a través de Windows Update el 5 de enero de 2006. Los ataques que usan esta vulnerabilidad se conocen como vulnerabilidades de WMF. (es) The Windows Metafile vulnerability—also called the Metafile Image Code Execution and abbreviated MICE—is a security vulnerability in the way some versions of the Microsoft Windows operating system handled images in the Windows Metafile format. It permits arbitrary code to be executed on affected computers without the permission of their users. It was discovered on December 27, 2006, and the first reports of affected computers were announced within 24 hours. Microsoft released a high-priority update to eliminate this vulnerability via Windows Update on January 5, 2007. Attacks using this vulnerability are known as WMF exploits. (en)
rdfs:label	Vulnerabilidad del metarchivo de Windows (es) Windows Metafile vulnerability (en) WMF文件格式漏洞 (zh)
owl:sameAs	freebase:Windows Metafile vulnerability yago-res:Windows Metafile vulnerability wikidata:Windows Metafile vulnerability dbpedia-es:Windows Metafile vulnerability dbpedia-fi:Windows Metafile vulnerability dbpedia-lmo:Windows Metafile vulnerability dbpedia-zh:Windows Metafile vulnerability https://global.dbpedia.org/id/3GuAp
prov:wasDerivedFrom	wikipedia-en:Windows_Metafile_vulnerability?oldid=1124348754&ns=0
foaf:isPrimaryTopicOf	wikipedia-en:Windows_Metafile_vulnerability
is dbo:wikiPageRedirects of	dbr:Metafile_image_code_execution dbr:Windows_Metafile_Vulnerability dbr:Windows_metafile_vulnerability dbr:WMF_Backdoor dbr:2005_WMF_vulnerability dbr:WMF_(exploit) dbr:WMF_Exploit dbr:WMF_exploit dbr:WMF_vulnerability dbr:Wmf_vulnerability
is dbo:wikiPageWikiLink of	dbr:Pwnie_Awards dbr:Metafile_image_code_execution dbr:Defensive_programming dbr:Windows_Metafile dbr:Stephen_Toulouse dbr:Steve_Gibson_(computer_programmer) dbr:Wine_(software) dbr:Drive-by_download dbr:Internet_Storm_Center dbr:Bifrost_(Trojan_horse) dbr:Mark_Russinovich dbr:Windows_Metafile_Vulnerability dbr:Windows_metafile_vulnerability dbr:Ilfak_Guilfanov dbr:WMF_Backdoor dbr:2005_WMF_vulnerability dbr:WMF_(exploit) dbr:WMF_Exploit dbr:WMF_exploit dbr:WMF_vulnerability dbr:Wmf_vulnerability
is foaf:primaryTopic of	wikipedia-en:Windows_Metafile_vulnerability