Content

MS Vulnerability MS06-001

Type
Vulnerability
SubType
Microsoft
Discovery Date
01/05/2006
Length
Minimum DAT
N/A ( )
Updated DAT
N/A ( )
Minimum Engine
N/A
Description Added
01/05/2006
Description Modified
01/05/2006 1:16 PM (PT)
Risk Assessment
Corporate User
N/A
Home User
N/A

Tab Navigation

Characteristics

The following Microsoft vulnerability was announced on January 5, 2006.

Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

For Microsoft's details of this vulnerability please see: http://www.microsoft.com/technet/security/bulletin/MS06-001.mspx

Symptoms

Method of Infection

Removal

McAfee DAT Files
 The 4666 DAT files, or newer, contain detection of threats attempting to exploit this vulnerability.  See: Exploit-WMF

McAfee Entercept
 McAfee Entercept blocks code execution as a result of the buffer overflow.

McAfee VirusScan Enterprise 8.0i / Managed VirusScan
McAfee VirusScan Enterprise 8.0i blocks code execution as a result of the buffer overflow if the malicious file is opened in Internet Explorer or Windows explorer.  Exploit files may be downloaded by Internet Explorer, rather than being rendered by IE, and subsequently launched by internal applications thus by passing VSE8.0i/MVS buffer overflow protection in this scenario.

McAfee IntruShield
 Updated signatures are included in signature sets 2.1.32.3; 1.9.49.3, 1.8.66.3, 3.1.5.4, and later.

McAfee Foundstone
 Updated signatures are available.

McAfee System Compliance Profiler
 System Compliance Profile users can detect this vulnerability by:

Downloading the file: MS06-001(Q912919).txt

Copy the contents of the above file, and paste within your main ruleset group.

Variants

Variants

    N/A

All Information

Overview -

Characteristics

Characteristics -

The following Microsoft vulnerability was announced on January 5, 2006.

Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

For Microsoft's details of this vulnerability please see: http://www.microsoft.com/technet/security/bulletin/MS06-001.mspx

Symptoms

Symptoms -

Method of Infection

Method of Infection -

Removal -

Removal -

McAfee DAT Files
 The 4666 DAT files, or newer, contain detection of threats attempting to exploit this vulnerability.  See: Exploit-WMF

McAfee Entercept
 McAfee Entercept blocks code execution as a result of the buffer overflow.

McAfee VirusScan Enterprise 8.0i / Managed VirusScan
McAfee VirusScan Enterprise 8.0i blocks code execution as a result of the buffer overflow if the malicious file is opened in Internet Explorer or Windows explorer.  Exploit files may be downloaded by Internet Explorer, rather than being rendered by IE, and subsequently launched by internal applications thus by passing VSE8.0i/MVS buffer overflow protection in this scenario.

McAfee IntruShield
 Updated signatures are included in signature sets 2.1.32.3; 1.9.49.3, 1.8.66.3, 3.1.5.4, and later.

McAfee Foundstone
 Updated signatures are available.

McAfee System Compliance Profiler
 System Compliance Profile users can detect this vulnerability by:

Downloading the file: MS06-001(Q912919).txt

Copy the contents of the above file, and paste within your main ruleset group.

Variants

Variants -

    N/A