Microsoft · Windows · CVE-2006-4071
**Name of the Vulnerable Software and Affected Versions**
Microsoft Windows versions prior to the fixed version
**Description**
A sign extension vulnerability in the createBrushIndirect function of the GDI library (gdi32.dll) allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
**Recommendations**
Update Microsoft Windows systems running a version prior to the fixed version to the latest version to resolve the issue. As a temporary workaround, consider restricting the use of WMF files to minimize the risk of exploitation.
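
One way to apply the temporary workaround at a mail or upload filter is to recognise WMF files by their header bytes rather than by file extension, so a renamed file is still held. This is an added example, not part of the original advisory; the function names, the blocking policy and the sample bytes are constructed for illustration, and the header layout assumed is the published WMF format (the 18-byte META_HEADER and the optional placeable header key 0x9AC6CDD7).

```python
import struct

PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"       # 0x9AC6CDD7 stored little-endian
# META_HEADER fields: Type, HeaderSize, Version, Size,
# NumberOfObjects, MaxRecord, NumberOfMembers (18 bytes, little-endian)
META_HEADER = struct.Struct("<HHHIHIH")


def classify_wmf(data: bytes):
    """Return 'placeable-wmf', 'wmf', or None based on a file's leading bytes."""
    # A placeable WMF starts with a fixed 4-byte key; flag it even if truncated.
    if data[:4] == PLACEABLE_KEY:
        return "placeable-wmf"
    if len(data) < META_HEADER.size:
        return None
    ftype, header_words, version = META_HEADER.unpack_from(data)[:3]
    # Type is 1 (memory) or 2 (disk), HeaderSize is 9 words,
    # Version is 0x0100 or 0x0300.
    if ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300):
        return "wmf"
    return None


def should_block(filename: str, data: bytes):
    """Hypothetical filter policy: return a reason string to hold the file, else None."""
    kind = classify_wmf(data)
    if kind:
        return f"{kind} content"
    if filename.lower().endswith(".wmf"):
        return "wmf extension"
    return None


# Constructed sample inputs (headers only, no drawing records).
SAMPLE_WMF = META_HEADER.pack(1, 9, 0x0300, 0x20, 1, 0x10, 0) + b"\x00" * 8
SAMPLES = {
    "chart.wmf": SAMPLE_WMF,
    "photo.jpg": PLACEABLE_KEY + b"\x00" * 18 + SAMPLE_WMF,  # WMF content, renamed
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "notes.wmf": b"plain text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", should_block(name, blob) or "allow")
```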