Microsoft Windows WMF graphics rendering engine is affected by multiple memory corruption vulnerabilities. These issues affect the ‘ExtCreateRegion’ and ‘ExtEscape’ functions.These problems present themselves when a user views a malicious WMF formatted file containing specially crafted data.
Reports indicate that these issues lead to a denial of service condition, however, it is conjectured that arbitrary code execution is possible as well.

Well, it is quite possible that we could see yet another rash of WMF exploitation. I believe that it is going to take time before we fully understand all of the different attack vectors and how to defend against them. Then of course there is the whole Win 9x/ME problem, which doesn’t seem to be a problem, yet…
SecurityFocus BID
Bugtraq Posting
ISC Posting

About the author

Paul Asadoorian is the Founder & CEO of Security Weekly, where the flagship show recently re-titled "Paul's Security Weekly" has been airing for over 8 years. By day he is the Product Evangelist for Tenable Network Security. Paul produces and hosts the various shows here at Security Weekly, all dedicated to providing the latest security news, interviews with the industries finest and technical how-to segments. Paul is also the founder and host of "The Stogie Geeks Show", featuring cigar reviews for cigar enthusiasts.