This detection covers a proof of concept code (CVE-2006-5758), that may cause denial of service or possible remote code execution on certain Windows Platforms.

Platforms affected:

Microsoft Windows 2000
Microsoft Windows 2000 Service Pack 1
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2

Aliases

• CVE-2006-5758

Symptoms:

Crash or BSOD of machines running affected operating systems.

Characterstics: 

This is a proof of concept code that may Blue Screen the system upon execution. It tries to write random data in kernel GDI structure, which may result in a BSOD. It can potentially be exploited for remote code execution by malware authors.

Method of Infection: 

This is a proof of concept code and no malware that exploit this vulnerability has been seen in the wild yet.

Removal: 

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.