Vulnerable Systems:
* Microsoft Windows Server 2008 (32-bit)
* Microsoft Windows Server 2008 (32-bit) Service Pack 2
* Microsoft Windows Server 2008 (Itanium)
* Microsoft Windows Server 2008 (Itanium) Service Pack 2
* Microsoft Windows Server 2008 (x64)
* Microsoft Windows Server 2008 (x64) Service Pack 2
* Microsoft Windows Vista Service Pack 1
* Microsoft Windows Vista Service Pack 2
* Microsoft Windows Vista x64 Edition Service Pack 1
* Microsoft Windows Vista x64 Edition Service Pack 2
* Microsoft Windows Server 2003 Service Pack 2
* Microsoft Windows Server 2003 SP2 (Itanium)
* Microsoft Windows Server 2003 x64 Edition Service Pack 2
* Microsoft Windows XP Professional x64 Edition Service Pack 2
* Microsoft Windows XP Service Pack 3

The vulnerability is caused by a buffer overflow error in the Windows Shell graphics processor when parsing the "biCompression" value within BMP images. Remote attackers could exploit it to compromise a vulnerable system by tricking a user into opening or previewing a malformed Office file, or into browsing to a network share, UNC, or WebDAV location containing a specially crafted image.
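
A defensive pre-check for untrusted BMP files, for example at a mail or file gateway, is sketched below as an added example; it is not code from the advisory or from Microsoft. The advisory does not say which "biCompression" values trigger the overflow, so the check rejects any header whose value is outside the documented set or inconsistent with biBitCount. The function names, verdict names and the policy of also rejecting BI_JPEG/BI_PNG are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

/* Documented biCompression values; local names so <windows.h> is not needed. */
enum { C_RGB = 0, C_RLE8 = 1, C_RLE4 = 2, C_BITFIELDS = 3 };
typedef enum { BMP_OK, BMP_TRUNCATED, BMP_BAD_MAGIC, BMP_NO_INFOHEADER,
               BMP_BAD_COMPRESSION, BMP_DEPTH_MISMATCH } bmp_verdict;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Hypothetical helper: vet the header of an untrusted BMP before any decoder sees it. */
bmp_verdict bmp_check_compression(const uint8_t *buf, size_t len)
{
    if (len < 14 + 40) return BMP_TRUNCATED;            /* file header + BITMAPINFOHEADER */
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_BAD_MAGIC;
    if (rd32(buf + 14) < 40) return BMP_NO_INFOHEADER;  /* 12-byte core header has no biCompression */
    uint16_t bpp  = rd16(buf + 28);                     /* biBitCount */
    uint32_t comp = rd32(buf + 30);                     /* biCompression */
    switch (comp) {
    case C_RGB:
        return (bpp == 1 || bpp == 4 || bpp == 8 || bpp == 16 || bpp == 24 || bpp == 32)
               ? BMP_OK : BMP_DEPTH_MISMATCH;
    case C_RLE8:      return bpp == 8 ? BMP_OK : BMP_DEPTH_MISMATCH;
    case C_RLE4:      return bpp == 4 ? BMP_OK : BMP_DEPTH_MISMATCH;
    case C_BITFIELDS: return (bpp == 16 || bpp == 32) ? BMP_OK : BMP_DEPTH_MISMATCH;
    default:          return BMP_BAD_COMPRESSION;       /* assumed policy: BI_JPEG/BI_PNG rejected too */
    }
}

/* Constructed sample: a 54-byte header with the given biBitCount and biCompression. */
void bmp_make_sample(uint8_t out[54], uint16_t bpp, uint32_t comp)
{
    memset(out, 0, 54);
    out[0] = 'B'; out[1] = 'M';
    out[10] = 54; out[14] = 40;                         /* bfOffBits, biSize */
    out[18] = 1; out[22] = 1; out[26] = 1;              /* biWidth, biHeight, biPlanes */
    out[28] = (uint8_t)bpp; out[29] = (uint8_t)(bpp >> 8);
    for (int i = 0; i < 4; i++) out[30 + i] = (uint8_t)(comp >> (8 * i));
}

int main(void)
{
    uint8_t h[54];
    bmp_make_sample(h, 24, 0xFFFFFFFFu);                /* out-of-range biCompression */
    return bmp_check_compression(h, sizeof h) == BMP_BAD_COMPRESSION ? 0 : 1;
}
```

Files that fail the check can be quarantined instead of being passed to the shell's thumbnail or preview path; the check does not replace installing the vendor fix.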