iDefense Security Advisory 04.08.08 - Remote exploitation of a heap based buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, and Windows Vista.
7f0b5f5daff1e693ba3c2e9e4c1d40241602f4f0f1bd639eeb6348752f914329
iDefense Security Advisory 04.08.08 - Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in Windows 2000 SP4 and Windows XP SP2.
03d39e0c171617bc6bed7fb6be3e14daf1be8b9c372dfa5615c0ba6aa4d0858e
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw exists within the parsing of malformed WMF files. A vulnerability exists in the GDI function CreateDIBPatternBrushPt used when processing WMF files. Due to a mis-calculation of user data a heap chunk can be under-allocated and later used resulting in a heap overflow. Successful exploitation can result in system compromise under the credentials of the currently logged in user.
34953549b26a5db96fbab3faafd2fc61b496bf2b5c73f1439c8a3505da7e6bab