Microsoft · Windows · CVE-2010-3970
**Name of the Vulnerable Software and Affected Versions**
Microsoft Windows versions prior to the fixed version
**Description**
A remote code execution issue exists in the way the Windows Shell graphics processor handles specially crafted thumbnail images. This allows attackers to execute arbitrary code via a crafted .MIC or Office document containing a thumbnail bitmap with a negative `biClrUsed` value. An attacker who successfully exploits this issue could run arbitrary code in the security context of the logged-on user, potentially installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights.
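The negative `biClrUsed` case described above comes down to how a parser bounds the palette count, shown here as an added example that is not from the original advisory or from Microsoft's code. All function names are hypothetical, the header bytes are constructed, and the signed variant is an illustrative flawed pattern, not the actual Windows implementation.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BIH_SIZE 40u /* size of a BITMAPINFOHEADER in bytes */

/* Little-endian field readers for an untrusted buffer. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Shared checks: header present, palettized depth (1, 4 or 8 bpp) only. */
static int depth_ok(const uint8_t *bih, size_t len, uint16_t *bits) {
    if (len < BIH_SIZE || rd32(bih) < BIH_SIZE) return 0;
    *bits = rd16(bih + 14);                      /* biBitCount */
    return *bits == 1 || *bits == 4 || *bits == 8;
}

/* Flawed pattern (hypothetical, for contrast): biClrUsed held as a signed
 * int, so a value with the top bit set is negative and passes the bound. */
int palette_ok_signed(const uint8_t *bih, size_t len) {
    uint16_t bits;
    if (!depth_ok(bih, len, &bits)) return 0;
    int32_t used = (int32_t)rd32(bih + 32);      /* biClrUsed */
    return used <= (1 << bits);
}

/* Hardened check: compare as unsigned against the palette capacity. */
int palette_ok(const uint8_t *bih, size_t len) {
    uint16_t bits;
    if (!depth_ok(bih, len, &bits)) return 0;
    return rd32(bih + 32) <= (1u << bits);
}

/* Constructed sample: 8 bpp header with a caller-chosen biClrUsed. */
void make_header(uint8_t out[BIH_SIZE], uint32_t clr_used) {
    memset(out, 0, BIH_SIZE);
    out[0] = BIH_SIZE; out[12] = 1; out[14] = 8;
    for (int i = 0; i < 4; i++) out[32 + i] = (uint8_t)(clr_used >> (8 * i));
}

int main(void) {
    uint8_t h[BIH_SIZE];
    make_header(h, 0xFFFFFFFFu);                 /* -1 when read as signed */
    printf("signed=%d unsigned=%d\n", palette_ok_signed(h, sizeof h), palette_ok(h, sizeof h));
    return 0;
}
```

The same unsigned bound can be applied in a file-scanning or gateway filter to reject thumbnails whose header declares more palette entries than the bit depth allows.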
**Recommendations**
For Microsoft Windows versions prior to the fixed version, update to the latest version to resolve the issue.
As a temporary workaround, consider restricting access to thumbnail images from untrusted sources until a patch is available.