(MS08-046) Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
Vulnerability Identifier: CVE-2008-2245
Discovery Date: Aug 12, 2008
Risk: Critical
Vulnerability Assessment Pattern File: 089
Affected Software:
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Professional x64 Edition Service Pack 2
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Service Pack 3
Description:

This vulnerability in the Microsoft Image Color Management (ICM) system could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system and would then be able to install programs; view, change, or delete data; or create new accounts with full user rights. Users configured to have fewer administrative privileges could be less impacted than users who operate with full administrative user rights.


Patch Information:

Patches for this vulnerability can be downloaded from this Microsoft Web page.


Workaround Fixes:

Microsoft recommends turning off metafile processing by modifying the registry. It is also advised to read e-mail messages in plain text format to help protect against the HTML e-mail attack vector.

More details regarding these workarounds may be found on this Microsoft Web page.

 