Red Hat Bugzilla – Bug 177239
[PATCH] CVE-2006-0106: WINE vulnerable to CVE-2005-4560 WMF exploit
Last modified: 2007-11-30 17:11:20 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.0 (like Gecko)
Description of problem:
Wine implements the full WMF API including SETABORTPROC, making it vulnerable
to the Windows WMF exploit (CVE-2005-4560).
This has been fixed in WINE CVS (revision 1.12 of wine/dlls/gdi/metafile.c).
URL: http://it.slashdot.org/comments.pl?sid=173205&cid=14412824 (or you can
get it directly from WINE CVS).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. firing up a vulnerable Windows app in WINE and
2. opening an infected WMF file with it.
Actual Results: If what I've read is true, it is vulnerable.
Expected Results: Not vulnerable.
Thanks for reporting. Fixed and pushed.
For future reference: The WINE version of the CVE-2005-4560 vulnerability has
been dubbed CVE-2006-0106.