This Alert is being sent to notify you of a new remote code execution vulnerability existing in the Vector Markup Language (VML) implementation in Microsoft Windows. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution if a user visited the Web page or viewed the message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

About the Windows Metafile Handling Buffer Overflow

Systems Affected:

• Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 2 
• Microsoft Windows XP Professional x64 Edition 
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems 
• Microsoft Windows Server 2003 x64 Edition
  

Components Affected:

• Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
• Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 
• Internet Explorer 7 on Microsoft Windows XP Service Pack 2 
• Internet Explorer 7 on Microsoft Windows XP Professional x64 
• Internet Explorer 7 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  

Impact: If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability Description and Facts:

In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or instant messenger message that takes users to the attacker's Web site.

In an e-mail based attack of this exploit, customers who read e-mail in plain text are at less risk from this vulnerability. Instead users would have to either click on a link that would take them to a malicious Web site or open an attachment to be at risk from this vulnerability.

In an e-mail based attack of this exploit, customers who read e-mail using Outlook Express on Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, are at less risk from this vulnerability because Binary and Script Behaviors is disabled by default in the Restricted sites zone.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Solution:  If you are running an infected system apply the patch using one of the steps.

Solution 1. Microsoft has released a patch specific to each affected operating system listed above. The patch can be found at the following link: http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx

Solution 2. Run Windows Update from your local computer and select the option to install security update for 929969