Bug 177239

Summary: [PATCH] CVE-2006-0106: WINE vulnerable to CVE-2005-4560 WMF exploit
Product: [Fedora] Fedora Reporter: Kevin Kofler <kevin>
Component: wineAssignee: Andreas Bierfert <andreas.bierfert>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 4CC: extras-qa
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
URL: http://blogs.zdnet.com/Ou/index.php?p=146
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-01-08 10:34:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kevin Kofler 2006-01-08 02:09:03 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.0 (like Gecko)

Description of problem:
Wine implements the full WMF API including SETABORTPROC, making it vulnerable   
to the Windows WMF exploit (CVE-2005-4560).  
  
This has been fixed in WINE CVS (revision 1.12 of wine/dlls/gdi/metafile.c). 
URL: http://it.slashdot.org/comments.pl?sid=173205&cid=14412824 (or you can 
get it directly from WINE CVS). 

Version-Release number of selected component (if applicable):
wine-0.9.4-5.fc4

How reproducible:
Didn't try

Steps to Reproduce:
Try:  
1. firing up a vulnerable Windows app in WINE and  
2. opening an infected WMF file with it. 
    

Actual Results:  If what I've read is true, it is vulnerable. 

Expected Results:  Not vulnerable. 

Additional info:

Comment 1 Andreas Bierfert 2006-01-08 10:34:12 UTC
Thanks for reporting. Fixed and pushed.

Comment 2 Kevin Kofler 2006-01-21 18:28:52 UTC
For future reference: The WINE version of the CVE-2005-4560 vulnerability has 
been dubbed CVE-2006-0106.