Microsoft acknowledges serious Windows security vulnerability
Thumbnails. :lol:he exploit, first reported on December 15 at a security conference in South Korea, takes advantage of the way Windows' graphics rendering engine processes certain thumbnail images. The booby-trapped images could be placed in an Office document, a website, or an e-mail.
"An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user," Microsoft said in a statement. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."