Newly found
Vulnerabilities 04/12/08:
Active Exploitation of GDI Vulnerabilities
we are following public reports
indicating that attackers are attempting to exploit vulnerabilities in GDI. These
vulnerabilities are due to buffer overflow conditions that exist in the
processing of EMF and WMF image files. By convincing a user to open a specially
crafted EMF or WMF file, a remote attacker may be able to execute arbitrary
code. These vulnerabilities were addressed in Microsoft Security Bulletin MS08-021. Users who have not applied this patch are
vulnerable.
We encourage users to review MS08-021 and apply the patch or workarounds to help mitigate
the risks.