Vulnerabilities in GDI Could Allow Remote Code Execution (948590).

Microsoft Security Bulletin MS08-021 (April 8, 2008)– Critical

This security update – kb948590 – resolves two privately reported vulnerabilities in GDI, by modifying the way that GDI handles integer calculations and string parameters.

Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete files/data; or create new accounts with full acces/user rights.

Afected Software (OS):

• Windows Vista,
• All supported releases of Windows XP,
• Microsoft Windows 2000 Service Pack 4,
• Windows Server 2003,
• Windows Server 2008.

Microsoft Update & Suport : http://support.microsoft.com/kb/948590