CVE-2015-1645

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1

Description The issue is related to the improper processing of specially crafted Enhanced Metafile (EMF) image format files, allowing remote attackers to execute arbitrary code. This could enable an attacker to run arbitrary code as the logged-on user, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights. If the user is logged on with administrative user rights, the attacker could take complete control of the affected system. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 7 SP1, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the processing of EMF image files until a patch is available.