Microsoft has warned of critical security flaws in the way its Windows operating system handles certain graphics files.
The software giant warned that two of the three bugs could be exploited by hackers to take control of an affected system. The third could lead to a denial of service.
The bugs were found in Windows’ Graphics Rendering Engine and in two file formats – Windows Metafile and Enhanced Metafile. A Microsoft security bulletin warns, “A remote code execution vulnerability exists in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats that could allow remote code execution on an affected system.
“Any program that renders WMF or EMF images on the affected systems could be vulnerable to this attack.”
It adds, “An attacker could try to exploit this vulnerability through malicious web sites or through email over the internet.”
Hackers who were able to log on locally could run a specially designed program to exploit the vulnerability, “and thereby gain complete control over the affected system”, the bulletin warns.
The denial of service vulnerability was found in the rendering of the Enhanced Metafile (EMF) image format, it says.
Microsoft has released a series of patches for different versions of Windows. Windows 98, Windows 98 Second Edition and Windows Millennium Edition are not affected.