Description: Symantec has reported a vulnerability in certain old versions of Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an integer overflow error in the graphics rendering engine when processing WMF (Windows Metafile) images. This can be exploited to cause a heap-based buffer overflow when a user e.g. visits a malicious web site.
Successful exploitation allows execution of arbitrary code.
Solution: Apply patches.
Windows 98, Windows 98 SE, and Windows Me:
Patches are available from the Windows Update web site.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.