VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 28, 2005· Updated Apr 16, 2026

CVE-2005-4560

CVE-2005-4560

Description

The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.

Affected products

16
  • Microsoft/Windows Server 20038 versions
    cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*+ 7 more
    • cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
  • Microsoft/Windows Xp8 versions
    cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*+ 7 more
    • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

37

News mentions

0

No linked articles in our index yet.