GLSA-200601-09 : Wine: Windows Metafile SETABORTPROC vulnerability
High Nessus Plugin ID 20419
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200601-09 (Wine: Windows Metafile SETABORTPROC vulnerability)
H D Moore discovered that Wine implements the insecure-by-design SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.
An attacker could entice a user to open a specially crafted Windows Metafile (WMF) file from within a Wine executed Windows application, possibly resulting in the execution of arbitrary code with the rights of the user running Wine.
There is no known workaround at this time.
SolutionAll Wine users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/wine-0.9.0'