CVE-2006-4071
Microsoft Windows 2003 Server - Denial of Service
Title source: ruleDescription
Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by cyanid-E · perldoswindows
https://www.exploit-db.com/exploits/3111
References (13)
Scores
EPSS
0.3097
EPSS Percentile
96.8%
Details
Status
published
Products (3)
microsoft/windows_2003_server
r2
microsoft/windows_2003_server
sp1
microsoft/windows_xp
(3 CPE variants)
Published
Aug 10, 2006
Tracked Since
Feb 18, 2026