ITsVISTA
Information that makes life easier when it comes to installing, managing, and using Windows Vista.

ITsVISTA KB-Link: KB925902

MS07-017: Vulnerability in GDI could allow remote code execution

Description: A security issue has been identified that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

Update type: Critical

Release date: April 3, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/925902

Download link: 32-bit | 64-bit

Comments: Fixes three Vista vulnerabilities:

  • EMF Elevation of Privilege Vulnerability – CVE-2007-1212: (Important) An ‘Elevation of Privilege’ vulnerability.
    “An elevation of privilege vulnerability exists in the rendering of Enhanced Metafile (EMF) image format files. Any program that renders EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.”
  • Windows Animated Cursor Remote Code Execution Vulnerability – CVE-2007-0038: (Critical) A ‘Remote Code Execution’ vulnerability.
    “A remote code execution vulnerability exists in the way that Windows handles cursor, animated cursor, and icon formats. An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.”
  • GDI Incorrect Parameter Local Elevation of Privilege Vulnerability – CVE-2007-1215: (Important) An ‘Elevation of Privilege’ vulnerability.
    “A local elevation of privilege vulnerability exists in the Graphics Device Interface due to the way it processes color-related parameters. This vulnerability could allow an attacker to take complete control of the system.”

KB925902

There is a download that resolves this issue. This issue is resolved in SP1.

For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB925902.
