- Dec 2, 2005
http://www.microsoft.com/technet/security/advisory/912840.mspxVulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
Published: December 28, 2005
Microsoft is investigating new public reports of a possible vulnerability in Windows. Microsoft will continue to investigate the public reports to help provide additional guidance for customers.
Microsoft is aware of the public release of detailed exploit code that could allow an attacker to execute arbitrary code in the security context of the logged-on user, when such user is visiting a Web site that contains a specially crafted Windows Metafile (WMF) image. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.