Three of the four bulletins address remote code execution errors in various components of Microsoft Windows, while the fourth fixes a flaw in Office.
The first of the four Windows fixes is for five separate issues in the GDI+ component. An attacker could use a number of specially crafted image files to create errors which could then allow for remote code execution. The patch is rated as critical for all currently supported versions of Windows XP, Server and Vista.
The second Windows fix addresses flaws in the Windows Media Encoder software and can be exploited through a specially-crafted web page. That bulletin is listed as critical for Windows Vista and XP, and moderate for Windows server 2003 and 2008.
The third of the patches fixes a flaw in Windows Media Player 11 which could allow for a remote code execution attack by way of a malformed streaming audio file.
The last patch addresses an issue in Office which allows for remote code attacks by way of a specially crafted OneNote URL. The vulnerability is only listed as critical for OneNote 2007 users. All other versions of Office are listed as important under the bulletin.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
