LowMicrosoft Windows Knowledge Base Article 948850 update is not installed on the system, which could allow an attacker to exploit the following vulnerabilities:
Microsoft Windows graphic device interface (GDI) is vulnerable to an heap-based buffer overflow, caused by improper bounds checking of EMF and WMF image file headers. By persuading a victim to open a specially-crafted EMF or WMF file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Microsoft Windows graphic device interface (GDI) is vulnerable to an stack-based buffer overflow, caused by improper bounds checking of EMF image filename parameters. By persuading a victim to open a specially-crafted EMF file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-021. See References.
Microsoft Security Bulletin MS08-021
Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx
IBM Internet Security Systems X-Force Database
Microsoft Windows GDI EMF and WMF header buffer overflow
http://xforce.iss.net/xforce/xfdb/41471
IBM Internet Security Systems X-Force Database
Microsoft Windows GDI EMF filename parameter buffer overflow
http://xforce.iss.net/xforce/xfdb/41472
ISS X-Force
Microsoft Windows Knowledge Base Article 948590 update not installed
http://www.iss.net/security_center/static/41473.php
CVE CVE-2008-1087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1087
CVE CVE-2008-1083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1083
