I’m a little slow today. But this is a serious vulnerability. Get patched ASAP. The patch is here.
eEye originally reported this vulnerability. Here is the security bulletin from Full Disclosure
Windows Metafile SetPalette Entries Heap OVerflow Vulnerability (Graphics Rendering Engine Vulnerability)
Release Date:
November 8, 2005Date Reported:
September 1, 2005Severity:
High (Code Execution)Vendor:
MicrosoftSystems Affected:
Windows 2000
Windows XP SP0, SP1
Windows Server 2003 SP0Overview:
eEye Digital Security has discovered a vulnerability in the way the Windows Graphical Device Interface (GDI) processes Windows Metafile (WMF) format image files that would allow arbitrary code execution as a user who attempts to view a malicious image. An attacker could send such a metafile to a victim of his choice over any of a variety of attack vectors, including an HTML e-mail, a link to a web page, a metafile-bearing Microsoft Office document, or a chat message.
The eEye link is here.
Catherine has more here too. Brian Krebs is also on it.
Alex Eckelberry
(Thanks Eric S.)