Microsoft GDI WMF Parsing Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw exists within the parsing of malformed WMF files. A vulnerability exists in the GDI funcion CreateDIBPatternBrushPt used when processing WMF files. Due to a mis-calculation of user data a heap chunk can be under-allocated and later used resulting in a heap overflow. Successful exploitation can result in system compromise under the credentials of the currently logged in user.