Microsoft Windows GDI WMF Handling Heap Overflow Vulnerability
The Microsoft Windows GDI Graphics Rendering Engine is prone to a heap-overflow vulnerability. This issue is exposed when the component loads a specially crafted WMF (Windows Metafile) image.
If this issue is exploited, a malicious WMF or EMF file could potentially corrupt heap-based memory with attacker-supplied data. This could lead to the execution of arbitrary code and to a complete system compromise.
An attacker could exploit the issue by enticing the victim user to visit a malicious web page that contains the image or to open an email attachment that consists of the image.
This vulnerability is limited to Windows 98/98SE/ME systems.