Wine: Windows Metafile SETABORTPROC vulnerability
Gentoo Linux Security Advisory
||GLSA 200601-09 / wine
||January 13, 2006
||February 26, 2007: 03
All supported architectures
There is a flaw in Wine in the handling of Windows Metafiles (WMF) files,
which could possibly result in the execution of arbitrary code.
Wine is a free implementation of Windows APIs for Unix-like systems.
H D Moore discovered that Wine implements the insecure-by-design
SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.
An attacker could entice a user to open a specially crafted Windows
Metafile (WMF) file from within a Wine executed Windows application,
possibly resulting in the execution of arbitrary code with the rights
of the user running Wine.
There is no known workaround at this time.
All Wine users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/wine-0.9.0"