Microsoft has released a patch that addresses three critical security vulnerabilities related to the way Windows processes the Metafile images. The Metafile vulnerabilities, which affect most versions of Windows, could theoretically be exploited to allow a user to shut down or even gain control of an unpatched system by tricking a user into viewing a maliciously formatted Metafile image. The most likely way for an attacker to take advantage of these bugs would be by sending e-mail with a malicious graphic and hoping that it would be opened in Microsoft Outlook’s preview pane. Attackers could also trick users into viewing such an image on a Web site.

full text: http://cdrinfo.com/Sections/…