7.5
CVE-2005-4560
- EPSS 90.52%
- Published 28.12.2005 19:03:00
- Last modified 03.04.2025 01:03:51
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows 2003 Server Versionenterprise Edition64-bit
Microsoft ≫ Windows 2003 Server Versionenterprise Updatesp1
Microsoft ≫ Windows 2003 Server Versionr2 Edition64-bit
Microsoft ≫ Windows 2003 Server Versionr2 Updatesp1
Microsoft ≫ Windows 2003 Server Versionstandard Edition64-bit
Microsoft ≫ Windows 2003 Server Versionstandard Updatesp1
Microsoft ≫ Windows 2003 Server Versionweb
Microsoft ≫ Windows 2003 Server Versionweb Updatesp1
Microsoft ≫ Windows Xp Editionhome
Microsoft ≫ Windows Xp Editionmedia_center
Microsoft ≫ Windows Xp Updategold Editionprofessional
Microsoft ≫ Windows Xp Updatesp1 Editionhome
Microsoft ≫ Windows Xp Updatesp1 Editionmedia_center
Microsoft ≫ Windows Xp Updatesp2 Editionhome
Microsoft ≫ Windows Xp Updatesp2 Editionmedia_center
Microsoft ≫ Windows Xp Updatesp2 Editiontablet_pc
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 90.52% | 0.995 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.