All, I have assigned CVE-2006-0106 for the WMF issue in Wine. This is a separate candidate than CVE-2005-4560. This could justifiably be argued as a design problem in WMF itself, but lately CVE has been splitting these issues - the rationale being "if it's a design error then each implementation has its own responsibility to work around it."
- Steve ====================================================== Name: CVE-2006-0106 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0106 Reference: MLIST:[Dailydave] 20060105 WMF goes away :< Reference: URL:http://lists.immunitysec.com/pipermail/dailydave/2006-January/002806.html Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197 Reference: FRSIRT:ADV-2006-0098 Reference: URL:http://www.frsirt.com/english/advisories/2006/0098 Reference: SECUNIA:18323 Reference: URL:http://secunia.com/advisories/18323 gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
