Only days after Microsoft released a patch to deal with the Windows Metafile vulnerability, it has been revealed that at least two additional flaws have been discovered in the way Windows handles Metafiles. One was posted to the Bugtraq mailing list yesterday, with proof-of-concept exploit code appearing not long after. According to Microsoft, this can be used to cause a denial-of-service crash.
"As it turns out, these crashes are not exploitable but are instead Windows performance issues that could cause some WMF applications to unexpectedly exit. These issues do not allow an attacker to run code or crash the operating system. They may cause the WMF application to crash, in which case the user may restart the application and resume activity," said Lennart Wistrand, lead security program manager in the MSRC (Microsoft Security Response Center).