CVE-2006-0106 - Vulnerability Details - OpenCVE

gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wine	Wine

Configuration 1 [-]

OR	cpe:2.3:a:wine:wine:0.9.2:::::::*
	cpe:2.3:a:wine:wine:0.9.4:::::::*
	cpe:2.3:a:wine:wine:0.9.5:::::::*
	cpe:2.3:a:wine:wine:2005-09-30:::::::*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197
http://lists.immunitysec.com/pipermail/dailydave/2006-January/002806.html
http://secunia.com/advisories/18323
http://secunia.com/advisories/18451
http://secunia.com/advisories/18549
http://secunia.com/advisories/18578
http://www.debian.org/security/2006/dsa-954
http://www.gentoo.org/security/en/glsa/glsa-200601-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:014
http://www.novell.com/linux/security/advisories/2006_02_sr.html
http://www.securityfocus.com/archive/1/422128/100/0/threaded
http://www.vupen.com/english/advisories/2006/0098
https://exchange.xforce.ibmcloud.com/vulnerabilities/23846

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-01-06T18:00:00

Updated: 2024-08-07T16:25:32.858Z

Reserved: 2006-01-06T00:00:00

Link: CVE-2006-0106

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-01-06T18:03:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-0106

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[Dailydave] 20060105 WMF goes away :<", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-January/002806.html"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197"}, {"name": "ADV-2006-0098", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0098"}, {"name": "18578", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18578"}, {"name": "18549", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18549"}, {"name": "win-wmf-execute-code(23846)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23846"}, {"name": "20060117 ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/422128/100/0/threaded"}, {"name": "MDKSA-2006:014", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:014"}, {"name": "SUSE-SR:2006:002", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"}, {"name": "DSA-954", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-954"}, {"name": "18451", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18451"}, {"name": "18323", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18323"}, {"name": "GLSA-200601-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-09.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0106", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[Dailydave] 20060105 WMF goes away :<", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-January/002806.html"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197"}, {"name": "ADV-2006-0098", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0098"}, {"name": "18578", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18578"}, {"name": "18549", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18549"}, {"name": "win-wmf-execute-code(23846)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23846"}, {"name": "20060117 ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/422128/100/0/threaded"}, {"name": "MDKSA-2006:014", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:014"}, {"name": "SUSE-SR:2006:002", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"}, {"name": "DSA-954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-954"}, {"name": "18451", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18451"}, {"name": "18323", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18323"}, {"name": "GLSA-200601-09", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-09.xml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:25:32.858Z"}, "title": "CVE Program Container", "references": [{"name": "[Dailydave] 20060105 WMF goes away :<", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-January/002806.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197"}, {"name": "ADV-2006-0098", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0098"}, {"name": "18578", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18578"}, {"name": "18549", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18549"}, {"name": "win-wmf-execute-code(23846)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23846"}, {"name": "20060117 ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/422128/100/0/threaded"}, {"name": "MDKSA-2006:014", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:014"}, {"name": "SUSE-SR:2006:002", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"}, {"name": "DSA-954", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-954"}, {"name": "18451", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18451"}, {"name": "18323", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18323"}, {"name": "GLSA-200601-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-09.xml"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0106", "datePublished": "2006-01-06T18:00:00", "dateReserved": "2006-01-06T00:00:00", "dateUpdated": "2024-08-07T16:25:32.858Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wine:wine:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5A4C7F9-1A62-4CC4-8440-6A56C877FF14", "vulnerable": true}, {"criteria": "cpe:2.3:a:wine:wine:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "C32ADFB2-57B0-4633-83C8-2A56056C57A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wine:wine:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F6ACD85-EC75-404C-9BEF-42939C4D47BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:wine:wine:2005-09-30:*:*:*:*:*:*:*", "matchCriteriaId": "F418DC71-590D-40D0-A2B7-386B450C5075", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase."}], "id": "CVE-2006-0106", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-01-06T18:03:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197"}, {"source": "cve@mitre.org", "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-January/002806.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18323"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/18451"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/18549"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/18578"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-954"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-09.xml"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:014"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/422128/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0098"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23846"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.immunitysec.com/pipermail/dailydave/2006-January/002806.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18323"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18451"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18578"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-09.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/422128/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0098"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23846"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}