Posted on Wednesday, December 28 2005 @ 21:57 CET by Thomas De Maesschalck
The vulnerability is caused due to an error in the handling of corrupted Windows Metafile files (".wmf"). This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. selecting the file). This can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.A fully patched Windows XP SP2 system is vulnerable and Windows XP SP1 and Microsoft Windows Server 2003 SP0 / SP1 are also affected. Other platforms may also be affected.
It's advised not to open untrusted .wmf files and set security level to "High" in Microsoft Internet Explorer.