Microsoft say they are nothing more than Denial of Service flaws causing the rendering application to crash. Bugtraq reports fears that modification to the proof of concept code could result in an exploit capable of gaining system level privileges if an administrator views the (specially crafted) malicious file.
http://www.securityfocus.com/bid/16167/discuss
Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities
[UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities
The solution given by the discoverer of this issue is as follows...
http://www.securityfocus.com/bid/16167/discuss
Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities
[UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities
http://www.pcmag.com/article2/0,1895,1909522,00.asp...
The issue is described as a denial-of-service condition, but there are fears that arbitrary code execution may be possible if the exploit is modified.
The solution given by the discoverer of this issue is as follows...
Microsoft has not develop the patch,please unregister the Windows Picture and Fax Viewer (Shimgvw.dll)(see MS06-001).