CVE-2004-0209

Microsoft Windows 2000, Windows XP, and Windows Server 2003 - Remote Code Execution via WMF/EMF Image Processing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0209. PoCs published by houseofdabus.

AI-analyzed exploit summary This exploit targets a heap overflow vulnerability in Microsoft Windows XP's graphics rendering engine (CVE-2004-0209) via a malicious EMF file. It includes shellcode for port binding or downloading/executing a payload, triggered by viewing the file or thumbnail.

Description

Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."

Exploits (1)

exploitdb WORKING POC VERIFIED

by houseofdabus · cremotewindows_x86

https://www.exploit-db.com/exploits/584

View Code ZIP pw:eip

This exploit targets a heap overflow vulnerability in Microsoft Windows XP's graphics rendering engine (CVE-2004-0209) via a malicious EMF file. It includes shellcode for port binding or downloading/executing a payload, triggered by viewing the file or thumbnail.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows XP SP1 (Graphics Rendering Engine)

No auth needed

Prerequisites: Victim must open or preview the malicious EMF file

MITRE ATT&CK