CVE-2003-0906
Description
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Remote code execution via buffer overflow in Windows metafile (WMF/EMF) rendering on NT 4.0, 2000, and XP.
Vulnerability
A heap-based buffer overflow exists in the rendering code for Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 Service Pack 6a, Windows 2000 Service Pack 2 through Service Pack 4, and Windows XP Service Pack 1 [1][2]. The vulnerability occurs when the system processes a specially crafted WMF or EMF file, allowing corruption of heap memory.
Exploitation
An attacker must convince a user to open a malicious WMF or EMF file, either by hosting it on a website and enticing the user to view it via a browser, or by sending it as an email attachment [1][2]. No authentication is required beyond user interaction. The attacker does not need a specific network position; any vector that delivers the image to the vulnerable rendering function can succeed.
Impact
Successful exploitation grants the attacker arbitrary code execution on the target system with the same privileges as the logged-on user [1][2]. This can lead to full compromise of the affected machine, including installation of programs, viewing, changing, or deleting data, and creating new accounts with full user rights.
Mitigation
Microsoft released security update MS04-011 on April 13, 2004, which addresses the vulnerability for all affected platforms [1]. Users should apply the update immediately. No workarounds are documented, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
- (no CPE) range: SP2 through SP4
- cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
- (no CPE) range: SP1
- Range: SP6a
Patches
No patches discovered yet.
References
- www.kb.cert.org/vuls/id/547028 (nvd; Patch, Third Party Advisory, US Government Resource)
- www.us-cert.gov/cas/techalerts/TA04-104A.html (nvd; Third Party Advisory, US Government Resource)
- www.securityfocus.com/bid/10120 (nvd)
- docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1064 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A897 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A959 (nvd)