Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0143 — Microsoft Windows 2003 Server vulnerability

CWE-3994 documents4 sources

Severity

7.5HIGHNVD

EPSS

72.6%

top 1.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 2003 Server

Timeline

PublishedJan 9

Latest updateMay 1

Description

Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_2003_server7 versions+6

Patches

Patch: securitytracker.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-5429-cf9p-rx53: Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file conta↗2022-05-01

▶

CVEList

CVE-2006-0143: Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file conta↗2006-01-09

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities↗2006-01-09

▶